Verdict: MALICIOUS (Risk Score 120)
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a large number of embedded links, many pointing to Shopify domains, but one critical link directs to a known malicious redirector at 'ttraff.com'. The document body, though heavily obfuscated, contains text related to 'Figuras bidimensionales para colorear' and the malicious URL, suggesting a lure to disguise the malicious intent. The heuristic firings confirm the presence of a malicious redirector and a link farm, indicating a likely phishing or scam campaign.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=figuras+bidimensionales+para+colorear
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| stream_006_off0000ecb8.bin | 0756b4bfe8152f44438265b143f8e88b89fec0e7dbd0d160103c1f1ef9175547 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xECB8 | 18324 bytes |
| font_00_sfnt_off0000b55d.bin | 9216f2d9b747604794baa18e6b9e6681d5166a0afb6066517e46606db1225d7b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB55D | 5488 bytes |
| font_01_sfnt_off0000c7e4.bin | b1fca32d100dc0aaa107b6e7e7415bf7eaeaeb1a8c41439ff7de204be82d796e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC7E4 | 11276 bytes |