MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a malicious redirector link disguised as a song title, leading to a link farm of other PDFs. This suggests an attempt to lure users to malicious infrastructure, potentially for SEO poisoning or further exploitation. The presence of a callback lure heuristic further supports a phishing or scam pretext. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=chunariya+lele+aiha+dj+remix+song
- http://files.exxar1.com/uploads/1/3/1/3/131398526/mofudosum.pdf
- http://remux.hearthisspace.com/uploads/1/3/1/3/131379639/8745783.pdf
- http://viwixofu.seeyoudowntheroad.org/uploads/1/3/1/4/131438188/8589648.pdf
- https://cdn.shopify.com/s/files/1/0432/6352/5026/files/39712975551.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/45035229099.pdf
- https://cdn.shopify.com/s/files/1/0433/3459/8809/files/wozejakukepinepipokados.pdf
- https://cdn.shopify.com/s/files/1/0434/5551/2738/files/jotusizidanoditugaxon.pdf
- https://cdn.shopify.com/s/files/1/0429/0940/1254/files/buxevupakerawuvirijefetig.pdf
- https://cdn.shopify.com/s/files/1/0439/3356/5096/files/duludowaligupad.pdf
- https://cdn.shopify.com/s/files/1/0431/8094/9659/files/61353518272.pdf
- https://cdn.shopify.com/s/files/1/0435/4116/8283/files/jatenikakezepufod.pdf
- https://cdn.shopify.com/s/files/1/0435/4513/3207/files/destilacion_por_arrastre_de_vapor_practica.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006f8c.bin17c64bd0047c18d66c3f1fa91d9ee6471f4ae0f3fe5374bc51c94bebbc463c1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F8C | 5392 bytes |
font_01_sfnt_off000081b9.bin6e5de5c6bcb7fdd8c5ca0d25823a8f80e6c764803c1b732dbc9c425a5c0f8ea5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x81B9 | 2092 bytes |
font_02_sfnt_off00008b5f.binfd85de1b943dbd9fe191bce76a9c30460c24e916c4e4a77ff70e0d8ae74e3624 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B5F | 14588 bytes |
font_03_sfnt_off0000b997.binbb4620ae2308066493f479cb0495314a41e91f5b0bfb2a754d9bad2ef34af03d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB997 | 16060 bytes |
font_04_sfnt_off0000ce69.bin389096b91b9359f8617117eb9c4fc01e58dcd5110c6abe9f7e1dc46248cb5056 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCE69 | 9912 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.