MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1071.001 Web Protocols: HTTP
The PDF file contains a link that redirects to malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains text related to a "doctoral program" and the malicious URL, suggesting a lure. The PDF_SEO_LINK_FARM heuristic indicates the PDF is part of a larger link farm, likely for SEO poisoning or distributing malicious content. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=doctoral+program+in+accounting+reporting+and+taxation
- https://static.usrfiles.com/ugd/49be48_f2bf02163cb34705bebd189b1e38c0db.pdf
- https://static.usrfiles.com/ugd/cac9e4_6c293764bf8f429da66a708a4b9d3504.pdf
- https://static.usrfiles.com/ugd/8a419d_1f04136590cc493bb9d93e290415d1ef.pdf
- https://static.usrfiles.com/ugd/895bef_73fdb6fcad25497f930723d82a8f7cd6.pdf
- https://static.usrfiles.com/ugd/9cb927_bc1aceb6f4f64c17b2a213ff2f113b19.pdf
- https://static.usrfiles.com/ugd/b8c837_c60d65537eb74b61a35721d0745921d9.pdf
- https://static.usrfiles.com/ugd/b8c837_fc25a47a265146d5aba92136afab4e3e.pdf
- https://static.usrfiles.com/ugd/b8c837_b02aa0ade46f4f23bf2127895aa77f3b.pdf
- https://static.usrfiles.com/ugd/dd6616_81ab7483930246f3b63c29680bdd86fc.pdf
- https://static.usrfiles.com/ugd/d01287_c78734d22fd845fe9f22a2ce5bd15307.pdf
- https://cdn.shopify.com/s/files/1/0437/5815/7982/files/79692479991.pdf
- https://cdn.shopify.com/s/files/1/0430/6426/2818/files/84128033073.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/71409998288.pdf
- https://cdn.shopify.com/s/files/1/0428/9468/8412/files/48244551545.pdf
- https://static.usrfiles.com/ugd/1df9ea_53717cf971844dc38e11e7515d382c38.pdf
- https://static.usrfiles.com/ugd/0c268c_825a3ade7aa04514b2efb1fb6c25e7a2.pdf
- https://static.usrfiles.com/ugd/b8c837_0d398b0f79434bf4ac344646bc9b8364.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007ea8.binea27c9fb5844582517674a800c0b399c51d5de8aa29a9894223c3684f46084b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EA8 | 5164 bytes |
font_01_sfnt_off0000901f.binc695ef46de1e7957580efcf8de9f535b0f77255f08bd50ee0bdada6d6fec45e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x901F | 10624 bytes |
font_02_sfnt_off0000b3e9.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB3E9 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.