MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm and a malicious redirector, indicating an attempt to lure users to malicious sites. The document body, though heavily obfuscated, contains the URL https://ttraff.com/pify?keyword=business+studies+class+11+pdf+free+download, which is flagged as a malicious redirector. This suggests the document's primary purpose is to facilitate the download of further malicious content or lead users to phishing pages.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=business+studies+class+11+pdf+free+download
- http://zemavowa.oaklandmillsonline.com/uploads/1/3/0/7/130776436/4f002fed58.pdf
- http://files.premoderndiplomats.org/uploads/1/3/2/8/132814250/2994152.pdf
- http://files.elizamaleckidance.com/uploads/1/3/0/7/130775228/af16b9c4.pdf
- http://solur.intothewildlife.org/uploads/1/3/1/4/131437508/3233590.pdf
- https://cdn.shopify.com/s/files/1/0436/5893/6473/files/alhambra_zip_code.pdf
- https://cdn.shopify.com/s/files/1/0433/8037/5704/files/jodiwoturijotonudonugirib.pdf
- https://cdn.shopify.com/s/files/1/0432/7197/9171/files/63783339943.pdf
- https://cdn.shopify.com/s/files/1/0431/6469/6738/files/8847881623.pdf
- https://cdn.shopify.com/s/files/1/0432/0650/8701/files/viwujigotasumirone.pdf
- https://cdn.shopify.com/s/files/1/0434/0151/1064/files/25312765094.pdf
- https://cdn.shopify.com/s/files/1/0430/8808/5145/files/28025048221.pdf
- https://cdn.shopify.com/s/files/1/0434/3519/6566/files/tulitufudurozasipivenupi.pdf
- https://cdn.shopify.com/s/files/1/0428/1060/5735/files/calendario_2020_escolar_mexico.pdf
- https://cdn.shopify.com/s/files/1/0433/8765/0211/files/vezokinojasa.pdf
- https://cdn.shopify.com/s/files/1/0430/8631/5682/files/ripifapa.pdf
- https://cdn.shopify.com/s/files/1/0439/1138/1147/files/cub_cadet_1000_series_service_manual.pdf
- https://cdn.shopify.com/s/files/1/0438/7130/5896/files/99191018234.pdf
- https://cdn.shopify.com/s/files/1/0430/8015/5290/files/17148553222.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006196.bin66752024b97c19088621168dff1a32f29fb5c681bfd575747f61a547c6a82228 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6196 | 5344 bytes |
font_01_sfnt_off000073e4.bin54f1bd6c90dde4c05fc93bee5d086ef50e51916f7b3dcf522ab9e379a0133ddb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x73E4 | 10076 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.