MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.001 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains multiple heuristics indicating malicious intent, including a critical finding of a link to known malicious redirector infrastructure at 'https://ttraff.com/pify?keyword=linux+commands+for+beginners+pdf'. Additionally, the document body contains instructions that suggest a 'clipboard command execution lure', prompting the user to copy and paste content into a shell. The presence of numerous external PDF links, many hosted on Shopify, suggests a link farm or SEO poisoning attempt to drive traffic to malicious sites.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=linux+commands+for+beginners+pdf
- http://files.wiltshiregardeningcourses.co.uk/uploads/1/3/1/8/131856170/jonexiwojuj.pdf
- http://files.brucetesslerrealtyinc.com/uploads/1/3/0/8/130874060/08bbd.pdf
- http://files.valleyviewdoodles.com/uploads/1/3/2/6/132695543/sufetesaxofenem.pdf
- http://files.hyderabad-greenacres.com/uploads/1/3/1/8/131871494/bevokanajiriv_sevopalu_ritapolojenagi_mogalenuzaxekip.pdf
- http://files.lindyzart.com/uploads/1/3/1/6/131636987/886e059176267b1.pdf
- https://cdn.shopify.com/s/files/1/0430/8749/5321/files/32794987910.pdf
- https://cdn.shopify.com/s/files/1/0430/9506/4730/files/60730183881.pdf
- https://cdn.shopify.com/s/files/1/0431/0076/6369/files/92921518778.pdf
- https://cdn.shopify.com/s/files/1/0431/4077/6093/files/razirijutazemiwufalumedo.pdf
- https://cdn.shopify.com/s/files/1/0430/1147/3571/files/film_genres.pdf
- https://cdn.shopify.com/s/files/1/0429/1782/2620/files/wutuf.pdf
- https://cdn.shopify.com/s/files/1/0429/9980/8149/files/3621525238.pdf
- https://cdn.shopify.com/s/files/1/0430/7386/3842/files/20611643101.pdf
- https://cdn.shopify.com/s/files/1/0429/6923/5619/files/matiluremoragipobiki.pdf
- https://cdn.shopify.com/s/files/1/0434/7068/4317/files/sepetixipifuvamowujebawis.pdf
- https://cdn.shopify.com/s/files/1/0431/0843/4081/files/lesubagiwupetoduwubez.pdf
- https://cdn.shopify.com/s/files/1/0429/7113/6154/files/69546157801.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/45484104345.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001de6e.bin7a421db15d7673440929949f65d569d8914d7911ef8c6b5287640646e7601e5a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1DE6E | 5592 bytes |
font_01_sfnt_off0001f163.binba71c505d12ab4ca55e5eee88ca69609155af2339a180398911b7895d8e0b180 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F163 | 15592 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.