MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link with a lure related to 'Anganwadi supervisor form last date'. This link redirects to a known malicious redirector, indicating a phishing or scam attempt. The PDF also contains a large number of external links, many hosted on Shopify, suggesting a link farm used for SEO poisoning or distributing malicious content. The presence of a visual download button further supports a deceptive user interaction.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=anganwadi+supervisor+form+last+date
- https://cdn.shopify.com/s/files/1/0429/1752/7715/files/baliwor.pdf
- https://cdn.shopify.com/s/files/1/0429/4665/8463/files/the_fifth_wave_free_online.pdf
- https://cdn.shopify.com/s/files/1/0428/3986/7559/files/78704851987.pdf
- https://cdn.shopify.com/s/files/1/0428/5032/0543/files/academic_poster_examples.pdf
- https://cdn.shopify.com/s/files/1/0435/3510/6203/files/magibenabisex.pdf
- https://cdn.shopify.com/s/files/1/0435/6676/0095/files/6246617312.pdf
- https://cdn.shopify.com/s/files/1/0430/0315/0499/files/bujonarikujefitosedidive.pdf
- https://cdn.shopify.com/s/files/1/0432/6277/1358/files/4036023329.pdf
- https://cdn.shopify.com/s/files/1/0463/0570/6146/files/58035861746.pdf
- https://cdn.shopify.com/s/files/1/0462/1261/2249/files/bartaman_patrika_today.pdf
- https://cdn.shopify.com/s/files/1/0427/7898/4614/files/74518452238.pdf
- https://cdn.shopify.com/s/files/1/0431/0574/7095/files/south_american_countries_map_worksheet.pdf
- https://cdn.shopify.com/s/files/1/0429/1103/9655/files/litabebu.pdf
- https://cdn.shopify.com/s/files/1/0428/7689/5398/files/a_dance_to_the_music_of_time.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007783.bin0b61612d01c65592cbf84a9ce931e7eadcef68d5e7ebc7a63b3cb622c4e4aebe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7783 | 5500 bytes |
font_01_sfnt_off00008a3d.bin859cccbcb4c5077c8e9a16b213e9ea288cef53783d270c58581ec0d4e6193e5e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A3D | 5484 bytes |
font_02_sfnt_off00009dc0.bin8586562b5b3df944a686f6af901f966fb28d57b5f672922dfa886b956798e1ce |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9DC0 | 15904 bytes |
font_03_sfnt_off0000cf2c.bin17f363db81ad1844b17d00c0f931f7fa9cfc818d5777cae56fcfb36197f1f33a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCF2C | 9964 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.