MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link farm and a malicious redirector, indicating an attempt to lure users to malicious content. The presence of a 'download button' lure reinforces this. The document body, though heavily obfuscated, contains the URL that is also flagged as a malicious redirector. The PDF structure and embedded links suggest a phishing or scam attempt.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=email+template+for+offering+services
- https://static.usrfiles.com/ugd/fa6f14_59bf1fdbb8a84c579a20c30254d759be.pdf
- https://static.usrfiles.com/ugd/05301a_f6f8cf208aba4fee9550861e206fd2f3.pdf
- https://static.usrfiles.com/ugd/76de1a_d6788eecd0c342819389c54cfe7b50f3.pdf
- https://static.usrfiles.com/ugd/7baf93_c9d8e531d43a4d078c23a938fec4c5d5.pdf
- https://static.usrfiles.com/ugd/26938b_00991e38613347bcad25bd18ad5c5231.pdf
- https://cdn.shopify.com/s/files/1/0431/2950/3901/files/bovuwuvalulafuzuma.pdf
- https://cdn.shopify.com/s/files/1/0438/3493/3408/files/pujubasumubizesunival.pdf
- https://cdn.shopify.com/s/files/1/0434/6085/3912/files/86286535093.pdf
- https://cdn.shopify.com/s/files/1/0432/2829/9428/files/88215088881.pdf
- https://cdn.shopify.com/s/files/1/0437/3020/6885/files/hindustan_unilever_annual_report_2015.pdf
- https://cdn.shopify.com/s/files/1/0433/3905/5253/files/nomago.pdf
- https://cdn.shopify.com/s/files/1/0431/2521/1296/files/1039300131.pdf
- https://cdn.shopify.com/s/files/1/0434/5220/3161/files/national_geographic_travel_guide_indonesia.pdf
- https://cdn.shopify.com/s/files/1/0437/7739/2794/files/11483120761.pdf
- https://cdn.shopify.com/s/files/1/0430/3542/6970/files/36353014130.pdf
- https://static.usrfiles.com/ugd/9b5f63_d92e21e3f2d34cf5b4ea3d8e1427a77c.pdf
- https://static.usrfiles.com/ugd/38eac1_c1f3b8641d784a7a8b8a9def6382d450.pdf
- https://static.usrfiles.com/ugd/921909_621ed22371914f188f44c30a28243a86.pdf
- https://static.usrfiles.com/ugd/b8c837_519363adf93b474abd8e557ba937006f.pdf
- https://static.usrfiles.com/ugd/f459ea_9b829b8a24da4163a12ab291cac4c3f2.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0431/2950/3901/fi
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007e15.bine2d389ca290c293b0a94751e1f30fb153a638f67f33b127f1ad24802d946b482 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E15 | 5352 bytes |
font_01_sfnt_off00009043.bin62d5ec014cb6d85e9d4b91bb946b3c8a75b5c572b631cb045106edfd28e7f9c3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9043 | 10916 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.