MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=parole+packet+samples'. Additionally, it exhibits a PDF link farm behavior, embedding numerous external links, one of which is a Shopify URL. The document body, though heavily obfuscated, contains fragments of the redirector URL and other PDF links, suggesting a lure to external content. The presence of urgency language further supports a phishing or social engineering attack pattern.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=parole+packet+samples
- https://cdn.shopify.com/s/files/1/0432/0673/8079/files/2008_ap_calculus_ab_free_response.pdf
- https://cdn.shopify.com/s/files/1/0431/4896/8090/files/ladewozodiduwubelizazufeb.pdf
- https://cdn.shopify.com/s/files/1/0448/0519/3885/files/introduction_to_photolithography.pdf
- https://static.usrfiles.com/ugd/b8c837_ca74d9dd5a584ad8b942c1ef8aaa3821.pdf
- https://static.usrfiles.com/ugd/b8c837_9109b88c05074a64ba9531a98d372619.pdf
- https://static.usrfiles.com/ugd/b8c837_660e91e05a264cf58167280eab440006.pdf
- https://static.usrfiles.com/ugd/b8c837_1a3ecd10e2ae41c4a38f2cb00ddd1fec.pdf
- https://static.usrfiles.com/ugd/b8c837_fbf294685cf645a9b97a4256325a8763.pdf
- https://static.usrfiles.com/ugd/b8c837_2150e9f0dea54ed888cc0ed45ba302a3.pdf
- https://static.usrfiles.com/ugd/b8c837_ce34b69915f945f9996a0bdff8cedec7.pdf
- https://static.usrfiles.com/ugd/b8c837_af2cee9a670f4813b69f73cfc40e8136.pdf
- https://static.usrfiles.com/ugd/b8c837_06a290a14c7b4918819c938994945933.pdf
- https://static.usrfiles.com/ugd/b8c837_abebc3777b5b4a4f8867a1f155e4821f.pdf
- https://static.usrfiles.com/ugd/b8c837_e3fd023897294987986df00c7fe39778.pdf
- https://static.usrfiles.com/ugd/b8c837_6df89ec7e95e4facbbf0a612c0d38c02.pdf
- https://static.usrfiles.com/ugd/b8c837_2b3463456e4549edbdb81a62087af4a4.pdf
- https://static.usrfiles.com/ugd/b8c837_cdeea24ea27f4720a59cad1fc6193a53.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000068a0.binc2ef5a47b0d8669f597e0a130cc36f4eb97ab78afd7d14618e7d46791e89f73f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x68A0 | 5144 bytes |
font_01_sfnt_off00007a0a.bin2acd7eb32c62d57c672c72d88a8e667783effd4d1e8ad9c5f46cf2180da21769 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A0A | 10700 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.