MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to the presence of a large number of embedded external links, characteristic of a link farm or SEO manipulation tactic. One of these links, https://ttraff.cc/wix?keyword=the+ultimate+guide+to+gi+joe, is a known malicious redirector. The document body contains garbled text and metadata indicating it was generated by wkhtmltopdf, suggesting it's not intended for direct user consumption but rather as a vehicle for link distribution.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=the+ultimate+guide+to+gi+joe
- https://cdn.shopify.com/s/files/1/0434/9113/1554/files/spreadsheet_for_sole_trader.pdf
- https://cdn.shopify.com/s/files/1/0441/0910/3256/files/filupatiwilaxibagolojexa.pdf
- https://cdn.shopify.com/s/files/1/0431/5208/1053/files/allahabad_bank_application_form.pdf
- https://static.usrfiles.com/ugd/9c43ec_4a675df99fa44a1baa00ce8529e1036b.pdf
- https://static.usrfiles.com/ugd/b8c837_f309e07050e64ca5be621a630ff9834f.pdf
- https://static.usrfiles.com/ugd/9ea9b6_2c0db41f2c1e4639b47d56e6ca1af44c.pdf
- https://static.usrfiles.com/ugd/d775a9_7273fdeec25b4b0e9a51cff113ce4302.pdf
- https://static.usrfiles.com/ugd/122077_414116daa651453296e5f531ad96a3f0.pdf
- https://static.usrfiles.com/ugd/b8c837_179209e83ce24ee09f428c79ba82157d.pdf
- https://static.usrfiles.com/ugd/4f270c_77f7268fc2834bc99ba92702b4df01a7.pdf
- https://static.usrfiles.com/ugd/ea2f88_e94d4e06509b4129975851bc1a426a0c.pdf
- https://static.usrfiles.com/ugd/b8c837_9cfa656bb47247d894b66cbc9449a514.pdf
- https://cdn.shopify.com/s/files/1/0440/1748/3934/files/mufapuwabufakevumex.pdf
- https://cdn.shopify.com/s/files/1/0434/5361/2182/files/kubota_zd323_owners_manual.pdf
- https://cdn.shopify.com/s/files/1/0429/6910/4540/files/causative_upper_intermediate_exercises.pdf
- https://cdn.shopify.com/s/files/1/0438/6045/9685/files/centre_parcs_sherwood_forest_map.pdf
- https://cdn.shopify.com/s/files/1/0465/1584/7326/files/bnf_77_free.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009464.binbf964485456ff5425023cafc07be8fc093344562c0c3b6279dd2e90fea1761c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9464 | 4988 bytes |
font_01_sfnt_off0000a53b.bindc22bfb830ad5be0e07ab3b448da32619005af37f7f32cc032e34ba5c38b3b03 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA53B | 10196 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.