MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of embedded links, many of which point to external PDF files hosted on various domains. One of these links redirects to a known malicious domain (ttraff.ru), indicating a phishing or redirection attempt. The document body, though heavily obfuscated, suggests a lure related to a 'Braves schedule 2020 pdf'. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=braves+schedule+2020+pdf
- http://files.wellnesswednesdayswithkatie.com/uploads/1/3/1/1/131163512/7e84ba20e07fa44.pdf
- http://files.michelle-kessler.com/uploads/1/3/1/3/131398338/179b8a12186d.pdf
- http://files.hbluxury.co/uploads/1/3/1/4/131437576/4054971.pdf
- http://files.maggieshao.com/uploads/1/3/1/6/131636862/75c7e2b3b2.pdf
- http://files.zalzabik.com/uploads/1/3/2/6/132696154/mavizoso.pdf
- http://files.maggiesh
- https://cdn.shopify.com/s/files/1/0432/6175/5547/files/xariputadatuseradixeta.pdf
- https://cdn.shopify.com/s/files/1/0430/7176/6690/files/pilew.pdf
- https://cdn.shopify.com/s/files/1/0433/8037/5704/files/fupenatobesi.pdf
- https://cdn.shopify.com/s/files/1/0428/5772/6118/files/54314847090.pdf
- https://cdn.shopify.com/s/files/1/0440/4533/6726/files/gizep.pdf
- https://cdn.shopify.com/s/files/1/0429/7955/7529/files/turemijeligejobezabewot.pdf
- https://cdn.shopify.com/s/files/1/0437/5298/0641/files/74446533974.pdf
- https://cdn.shopify.com/s/files/1/0431/7364/2389/files/letipazisu.pdf
- https://cdn.shopify.com/s/files/1/0434/8693/7253/files/25713479556.pdf
- https://cdn.shopify.com/s/files/1/0431/7259/3832/files/gifiwujavagosigujaremoviw.pdf
- https://cdn.shopify.com/s/files/1/0436/3429/4937/files/rilalasaxipune.pdf
- https://cdn.shopify.com/s/files/1/0430/7661/6353/files/76425453978.pdf
- https://cdn.shopify.com/s/files/1/0439/5070/2750/files/18564396840.pdf
- https://cdn.shopify.com/s/files/1/0432/8495/5300/files/tefoxalomidogovirofuwi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007bb1.bine6b733fb25d7889c9f1546d50c284c821f399ad28c0b36a681af24a1aad63257 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BB1 | 5164 bytes |
font_01_sfnt_off00008d58.bincc044367b006385fa4c5672524ff0284f51679acb59c9fa647283ba5be682a0a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D58 | 10444 bytes |
font_02_sfnt_off0000b145.bin04f7f01f0e81293101bff3dd2fde270aec15dc769f0ca1dde224ef3aeb45275a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB145 | 16428 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.