MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a link that redirects to a known malicious domain, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though partially corrupted, contains text related to a 'Dell e port plus docking station manual' and the malicious URL, suggesting a lure to trick users into clicking the link. The PDF_SEO_LINK_FARM heuristic indicates a large number of external links, further supporting the malicious intent of redirecting users to potentially harmful sites.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=dell+e+port+plus+docking+station+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000058d5.bin (hash: 2bef0c869f829d4d959394c766d918269cfc1541aef81d049da84c0fff2b1c8f) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x58D5 | 5456 bytes |
| font_01_sfnt_off00006b57.bin (hash: 9b2276511aee398c2d39474446a3ee28df51bc3c27c0e4aad82c358714a115da) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B57 | 15264 bytes |