MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to Shopify domains, likely as part of an SEO link farm. One critical heuristic identified a link to a known malicious redirector at 'https://ttraff.me/wix?keyword=2+hour+delay+schedule+wcasd'. This suggests the document's primary purpose is to direct users to malicious infrastructure, potentially for further exploitation or phishing.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=2+hour+delay+schedule+wcasd
- https://cdn.shopify.com/s/files/1/0441/0467/9576/files/13916059023.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/56655156305.pdf
- https://cdn.shopify.com/s/files/1/0433/4285/6344/files/nivoxujemetaju.pdf
- https://cdn.shopify.com/s/files/1/0438/0730/9986/files/if_u_seek_amy_roblox.pdf
- https://cdn.shopify.com/s/files/1/0433/0668/0484/files/61063315492.pdf
- https://cdn.shopify.com/s/files/1/0466/7300/2661/files/86780292459.pdf
- https://cdn.shopify.com/s/files/1/0434/7622/2118/files/iicrc_s500.pdf
- https://cdn.shopify.com/s/files/1/0434/2788/9319/files/97017411885.pdf
- https://d13eea70-82f0-4870-a3d9-36f1163e51c8.filesusr.com/ugd/b42fd6_cb7b33c61d7c4c6093bd34bf29be9da9.pdf?index=true
- https://3fa29b3d-b80e-4bc0-8591-c363ebff81cd.filesusr.com/ugd/ad2ade_a8e4a8fd5d264655a99698d1ff977bda.pdf?index=true
- https://c68271ef-5e81-4973-b566-ab930377ca42.filesusr.com/ugd/469aea_9a153cfe35ec443587cafc90e96b7c1f.pdf?index=true
- https://50ec8bc7-aea4-4c6e-9d6f-a0915693186d.filesusr.com/ugd/bcd086_c0793db9c22b422fa79c70804707e28e.pdf?index=true
- https://abfe3830-c822-4f57-838f-8ad88b7737d5.filesusr.com/ugd/6290de_4bc94b7ee9dd409a9678db5c24da4f64.pdf?index=true
- https://989841f5-4df5-4d3d-8654-0d587b4cb72e.filesusr.com/ugd/370ea2_42faffbf218746cbacd4744aa9582b02.pdf?index=true
- https://50afe070-023a-420a-b86f-5e6b301f8aec.filesusr.com/ugd/c8683e_dec2b6e645274a059e24d12f8ecf0c8c.pdf?index=true
- https://26a986a3-dd6a-4f7d-8e1a-19b5c2cb9756.filesusr.com/ugd/34e21e_049060a657fe4d0988012d35a940a7f8.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004a58.binfe01df4b790206c6cda327d8eb90aba5a22fef265830bc6ca85983eeeb901cb0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A58 | 5256 bytes |
font_01_sfnt_off00005c41.bin2714bc757fcfd9a631751b56b51b37c798dc7b200ab7995430b038c89da75579 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C41 | 9752 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.