MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to a malicious URL, disguised as a free download for a 'bakery business plan pdf'. This is further supported by heuristics indicating a malicious redirector and a link farm designed for SEO manipulation. The document body contains the lure text and the malicious URL.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=bakery+business+plan+pdf+free+download
- http://files.selfdefensetacticsbyjamespozen.com/uploads/1/3/1/3/131382590/rezoxiget.pdf
- http://files.destinyjoydesigns.com/uploads/1/3/0/9/130969053/rusineresuvarovuda.pdf
- http://files.akfilmstudios.com/uploads/1/3/0/7/130739265/litotibenokigem.pdf
- http://nabewakox.uaplantscienceclub.com/uploads/1/3/0/8/130813821/2e0fe732bd8e2.pdf
- http://files.craftastics.co.uk/uploads/1/3/0/7/130740213/bovebow-vevefe.pdf
- https://cdn.shopify.com/s/files/1/0434/0708/1622/files/39959619685.pdf
- https://cdn.shopify.com/s/files/1/0432/8875/6374/files/nijixikezofazoran.pdf
- https://cdn.shopify.com/s/files/1/0434/1540/4702/files/emoji_show_me_the_money.pdf
- https://cdn.shopify.com/s/files/1/0429/4184/1575/files/46569971088.pdf
- https://cdn.shopify.com/s/files/1/0440/2210/4229/files/50652485149.pdf
- https://cdn.shopify.com/s/files/1/0431/6676/1120/files/kaxujijitawimefekerub.pdf
- https://cdn.shopify.com/s/files/1/0438/4056/9494/files/nimumatakuneduditivezaju.pdf
- https://cdn.shopify.com/s/files/1/0433/6805/4940/files/37258686187.pdf
- https://cdn.shopify.com/s/files/1/0432/2459/6642/files/budojitelegimifetu.pdf
- https://cdn.shopify.com/s/files/1/0433/1218/5502/files/32325102822.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007398.bin1ce87978d0380f838c67dfe8bafa08fabca5b568b8be9f36b59022ebf0cc2025 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7398 | 5480 bytes |
font_01_sfnt_off0000865b.bina36eee06fef6ce219692c4ec918276ac99413e4fd1e3666e4031624f9289d620 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x865B | 1800 bytes |
font_02_sfnt_off00008ee8.bin53bdc6d346750c758ad2e810003d404e0c763e5ff7a696ab619b317aa3acbd06 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EE8 | 10524 bytes |
font_03_sfnt_off0000b2fa.bin0b4f9904cc63eeb245c31300081beae5dd130040598f84ad13cd294c90142161 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB2FA | 16660 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.