MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a heuristic firing for a malicious redirector link, which is the primary indicator of malicious intent. The document body, though partially corrupted, contains text related to a 'bvsd preschool calendar 2020-21' and includes the malicious URL, suggesting a lure to disguise the malicious redirect. The file also contains a large number of embedded links, many pointing to Shopify, which is characteristic of SEO link farm techniques used to obscure malicious destinations.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=bvsd+preschool+calendar+2020-21
- https://cdn.shopify.com/s/files/1/0434/6976/6808/files/39073172993.pdf
- https://cdn.shopify.com/s/files/1/0471/0521/2566/files/67042980515.pdf
- https://cdn.shopify.com/s/files/1/0436/9799/5941/files/kudezowunu.pdf
- https://cdn.shopify.com/s/files/1/0431/5296/5792/files/binewojelotegumu.pdf
- https://cdn.shopify.com/s/files/1/0439/2094/9416/files/giravupesegudon.pdf
- https://f03a3f12-7d36-4c38-9380-de479f30b205.filesusr.com/ugd/99965f_4cde1ae68295497fba651d7d5494adb2.pdf?index=true
- https://841d6977-9acc-4204-bd32-213ee8bc3f23.filesusr.com/ugd/93971e_ed581153316241d99214df5b1b545374.pdf?index=true
- https://3d296766-d583-49bc-b641-6d64e637933e.filesusr.com/ugd/c268f7_1a53656d17af4533a7b9e5b22144b44a.pdf?index=true
- https://cdn.shopify.com/s/files/1/0460/2216/4639/files/partituras_lldm_coro_san_francisco.pdf
- https://cdn.shopify.com/s/files/1/0433/2666/8952/files/84154448745.pdf
- https://cdn.shopify.com/s/files/1/0437/3259/8938/files/maine_maritime_football_twitter.pdf
- https://cdn.shopify.com/s/files/1/0432/4202/9215/files/anamnesis_kejang_demam.pdf
- https://cdn.shopify.com/s/files/1/0437/7985/0398/files/69531943445.pdf
- https://d6b2262d-512b-4796-acfa-d445260a625c.filesusr.com/ugd/9ff9b8_427e055daee54b7fa822d1e214e2e345.pdf?index=true
- https://69c76ae2-2ced-4d92-abc0-95db61e48370.filesusr.com/ugd/8f6098_77027fba46bc467f8b7c3541bf251c6e.pdf?index=true
- https://699ed966-400f-437c-9359-4df80dd1f94c.filesusr.com/ugd/7d1dc9_6e9cfa9476884ca9b3760292c1a81e57.pdf?index=true
- https://7a114877-c9c1-4e86-b9e8-a73a65e46c97.filesusr.com/ugd/c88839_0e97eda60dc142228296c769e8ca3fdb.pdf?index=true
- https://fda5c0ee-a04f-4493-9409-831d76a13f5a.filesusr.com/ugd/95ea6b_b919d077300c4806a522a620aac9627a.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000056c4.bin053b897c6f96004897b673d0e2c4fe782df70b5e9b19c80f583d18626ed3ee15 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x56C4 | 5628 bytes |
font_01_sfnt_off000069f6.binc9951f4c766284d605b49c4366db37201878925268ac71d4e7ae97e6d8fa47a3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69F6 | 10272 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.