MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=jack+schwager+market+wizards+hedge+fund'. This URL is likely used to redirect users to malicious content, possibly for phishing or financial scams. The document also exhibits characteristics of a link farm, with numerous links to Shopify-hosted PDFs, suggesting an attempt to manipulate search engine results or distribute content broadly. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=jack+schwager+market+wizards+hedge+fund
- https://cdn.shopify.com/s/files/1/0432/6332/8418/files/top_self_help_books.pdf
- https://cdn.shopify.com/s/files/1/0430/2536/7194/files/xuvamulugepugo.pdf
- https://cdn.shopify.com/s/files/1/0440/6309/6984/files/training_calendar_template_doc.pdf
- https://cdn.shopify.com/s/files/1/0435/9297/4499/files/balumabeziviku.pdf
- https://cdn.shopify.com/s/files/1/0434/5489/0149/files/relojipibewadowez.pdf
- https://cdn.shopify.com/s/files/1/0430/6593/3973/files/sentinel_node_breast_cancer_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/51106899687.pdf
- https://cdn.shopify.com/s/files/1/0437/9394/0641/files/fimurasazevatuduretuz.pdf
- https://cdn.shopify.com/s/files/1/0427/7354/5116/files/albany_state_university_application.pdf
- https://cdn.shopify.com/s/files/1/0429/7791/9129/files/gugoxode.pdf
- https://cdn.shopify.com/s/files/1/0428/3600/0931/files/jigamem.pdf
- https://cdn.shopify.com/s/files/1/0431/6394/3067/files/tiwimexesexatuvad.pdf
- https://cdn.shopify.com/s/files/1/0438/2919/9005/files/aakhya_ka_yo_kajal_song_mp4.pdf
- https://cdn.shopify.com/s/files/1/0429/6133/8531/files/koguwinuloxeboruvipipi.pdf
- https://cdn.shopify.com/s/files/1/0434/2172/8930/files/tuxinotof.pdf
- https://cdn.shopify.com/s/files/1/0437/1972/1115/files/ap_biology_textbook_campbell_11th_edition.pdf
- https://cdn.shopify.com/s/files/1/0437/1814/8261/files/23833171414.pdf
- https://cdn.shopify.com/s/files/1/0432/7741/8656/files/gitujunowupik.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000072f0.bincb33fcfe35781c4bdeb572f19629421610d46afe62642b3cc0d6081c051c31a6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72F0 | 5600 bytes |
font_01_sfnt_off000085f0.bind1c55b2a07a97e77b365b9e15a7e106335bf6e49b4b0b95ae04994e94ae9073e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85F0 | 10508 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.