MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a link farm designed to appear as search results, with the primary malicious link being https://ttraff.link/wix?keyword=android+sdk+manager+visual+studio+2015. This heuristic indicates the document's purpose is to redirect users to potentially harmful content. The document body contains garbled text but also includes the malicious URL and several benign-looking Shopify URLs, suggesting a deceptive lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=android+sdk+manager+visual+studio+2015
- https://cdn.shopify.com/s/files/1/0432/1188/2659/files/bluefin_tuna_fishing_report_nc.pdf
- https://cdn.shopify.com/s/files/1/0437/9456/3229/files/bootstrap_templates_free_for_company.pdf
- https://cdn.shopify.com/s/files/1/0430/5436/6877/files/16356574831.pdf
- https://cdn.shopify.com/s/files/1/0430/8526/7097/files/pufegozu.pdf
- https://cdn.shopify.com/s/files/1/0438/5308/6885/files/augustine_confessions_book_3.pdf
- https://cdn.shopify.com/s/files/1/0470/0022/3896/files/printable_punctuation_worksheets_for_adults.pdf
- https://cdn.shopify.com/s/files/1/0431/9605/5711/files/rupezesobav.pdf
- https://cdn.shopify.com/s/files/1/0428/6598/3655/files/xofenibimaxasititi.pdf
- https://cdn.shopify.com/s/files/1/0430/5387/5357/files/twinkle_twinkle_little_star_notes.pdf
- https://static.usrfiles.com/ugd/b8c837_f85d765a816a4ec080ce057d9bc9f162.pdf
- https://static.usrfiles.com/ugd/3ce946_55c69276706043a1a9e954ed9082942a.pdf
- https://static.usrfiles.com/ugd/b8c837_c1a2616025d9416284fe3cfa05166b48.pdf
- https://static.usrfiles.com/ugd/0e9fc2_70f57fe76da841c39bd2eb602d24c6b4.pdf
- https://static.usrfiles.com/ugd/de3d83_f376c3edae6e4d31a907b25742fcb9af.pdf
- https://static.usrfiles.com/ugd/b8c837_3fbf20b3a4684a5ba762c53a39b1ad9c.pdf
- https://static.usrfiles.com/ugd/856cea_2df91311f1cb4ca9bd0f92d31f38e74d.pdf
- https://static.usrfiles.com/ugd/c63dba_aec72341c9514948bec92605a99e9d4d.pdf
- https://static.usrfiles.com/ugd/b6edda_7749e7bfda38404c911e61032d4ed199.pdf
- https://static.usrfiles.com/ugd/724fb5_06993e58dd1c4b0faddca9136faf7ea9.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cf5.bin515cb81295049de22ff8a6ddf68a310fe2545a0f052167b24adbb683acaf1373 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CF5 | 5708 bytes |
font_01_sfnt_off0000805c.bin2776aed443ea7d79913fcfe10dfbaac084bd77ab33a476c7c28a8f69cd0612fe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x805C | 12632 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.