Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK:
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a high number of external links, many pointing to Shopify, suggesting a link farm for SEO manipulation. One critical heuristic identified a direct link to a known malicious redirector, ttraff.ru, which is further disguised by a 'bakeshop business plan pdf' keyword. This indicates a phishing or malware delivery attempt using a deceptive document.
Heuristics 4
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/wix?keyword=bakeshop+business+plan+pdf
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000796c.bin 8994fa536ddf5212798bad3209effa49ccc46982df45bd1f70a7598e62d038b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x796C | 5284 bytes |
| font_01_sfnt_off00008b52.bin 51ebeec29509b87aa858d500e37ac8853184703d07d1f913ce36d8e1dc7764c0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B52 | 1800 bytes |
| font_02_sfnt_off000093e0.bin 06b9184ee04ba30ff1c82534283ddbb5d6006aea545d5508c3355a1594c8737b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x93E0 | 10452 bytes |
| font_03_sfnt_off0000b7ab.bin 6b5fadd2f52bc1ca77e7aa2b1b7aa60fe2d97728aca7f1a06ec49f887284dfb6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB7AB | 16660 bytes |