MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, disguised with a plausible document title. The document body also contains this link, suggesting the intent is to trick the user into clicking it. The file also exhibits characteristics of a link farm, with numerous embedded URLs pointing to external PDF documents, further supporting a malicious redirection or phishing attempt.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=usaid+accounting+policies+and+procedures+manual+pdf
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007616.bin 11e2bfefada0afc29c0aaaf012ea086bf739ed18660c531feeade1ad88ffa8ce | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7616 | 5348 bytes |
| font_01_sfnt_off0000881f.bin d365ea4a68bf045fd28425a5e74015172df9d561b015c9a39a8a020d4d39e1e9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x881F | 10428 bytes |
| font_02_sfnt_off0000abd5.bin 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xABD5 | 4324 bytes |