Malware Insights
The PDF file contains a significant number of embedded links, with one identified as a malicious redirector. The heuristic 'PDF_MALICIOUS_REDIRECTOR_LINK' indicates that the link at 'https://ttraff.ru/wix?keyword=apa+spacing+guidelines' points to known malicious infrastructure. Additionally, the 'PDF_SEO_LINK_FARM' heuristic suggests a large number of external PDF links, with 'https://static.usrfiles.com/ugd/b8c837_57ff512707e844248063155b12a8eefa.pdf' being the first identified. This pattern is commonly used to distribute malware or conduct phishing attacks by overwhelming the user with links to potentially harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=apa+spacing+guidelines
- https://static.usrfiles.com/ugd/b8c837_57ff512707e844248063155b12a8eefa.pdf
- https://static.usrfiles.com/ugd/b8c837_b1eb81697ff347718ec98a3c8ebf3ed8.pdf
- https://static.usrfiles.com/ugd/8b9728_92ca386f0889412c98e89ff9a3ffb538.pdf
- https://static.usrfiles.com/ugd/4b68be_d794d63b57744e8a9ce08543930d56f3.pdf
- https://static.usrfiles.com/ugd/696b8a_e796e3e7c55a4e328d64f92f2bfb4fb1.pdf
- https://static.usrfiles.com/ugd/e5412a_0d324a12cc7743ff875d2b0dff00d4f4.pdf
- https://static.usrfiles.com/ugd/c5d40f_c8350f1a6e7e4d58b69c90a6b3d43cbe.pdf
- https://static.usrfiles.com/ugd/b8c837_ecdd369a514c4b62820ed775c77ba857.pdf
- https://static.usrfiles.com/ugd/87a178_18cd6e21178446f99251c5bd0320f7e3.pdf
- https://static.usrfiles.com/ugd/bb13a2_f6b5f48f182b4f8286e2e7cea44898c5.pdf
- https://cdn.shopify.com/s/files/1/0433/9197/5580/files/mevazu.pdf
- https://cdn.shopify.com/s/files/1/0440/6371/9574/files/nhl_collective_bargaining_agreement.pdf
- https://cdn.shopify.com/s/files/1/0435/6525/2769/files/maxime_bernier_ppc_platform.pdf
- https://cdn.shopify.com/s/files/1/0434/7042/2180/files/64971020872.pdf
- https://cdn.shopify.com/s/files/1/0432/7243/7910/files/72847625889.pdf
- https://cdn.shopify.com/s/files/1/0427/9320/5916/files/17799114240.pdf
- https://cdn.shopify.com/s/files/1/0431/1764/1879/files/bakopaloxotawoxadasak.pdf
- https://cdn.shopify.com/s/files/1/0429/2077/1750/files/sitakozupomosutemewuzos.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0431/1764/1879/files/bakopal
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000689a.binfb8683ad48fd73866c8709d9e782a8d1a41455e01a5925da86b17ec2058bbc7c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x689A | 5132 bytes |
font_01_sfnt_off00007a23.bin8fcad8d268ed70804b033984704e77725d153d7a184d2739a65a5f80a300cff2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A23 | 10240 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.