MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=mattress+firm+tucson+spectrum'. The document body, though heavily obfuscated, contains references to this URL and other Shopify-hosted PDF files, suggesting a link farm or redirection tactic. The primary intent appears to be directing the user to the malicious redirector.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=mattress+firm+tucson+spectrum
- https://cdn.shopify.com/s/files/1/0429/4197/2636/files/gafakakerel.pdf
- https://cdn.shopify.com/s/files/1/0434/2287/5805/files/zedusakosu.pdf
- https://cdn.shopify.com/s/files/1/0429/0763/1782/files/77983232342.pdf
- https://efc62d54-ffc2-4219-9781-608dbb49029b.filesusr.com/ugd/f2c1dc_0818ccb52acd4730a33b0446276a2e93.pdf?index=true
- https://4141477d-4716-46a4-9811-c1b13a48f416.filesusr.com/ugd/f1780b_c73f6cbe0fef492ea4b1a95f1a055b15.pdf?index=true
- https://b1e8b3ce-77a0-4c17-965c-6083ed8da2ce.filesusr.com/ugd/cfa91a_2000c577619a4a08bda604cd3ba82bfa.pdf?index=true
- https://f75a6c91-0103-40e5-b061-066d44a92adb.filesusr.com/ugd/a58502_310787c3846a44be9fde653dc1444e02.pdf?index=true
- https://cdn.shopify.com/s/files/1/0447/9811/6006/files/alagappan_manual_of_practical_medicine_6th_edition_free_download.pdf
- https://cdn.shopify.com/s/files/1/0436/3704/7449/files/boolean_search_strings.pdf
- https://cdn.shopify.com/s/files/1/0435/4716/4840/files/adblock_plus_full_apk.pdf
- https://ef0fec9c-17df-4239-8351-87f0fa332386.filesusr.com/ugd/ebcc4b_e1bae630f5ee457aac77b3f1070a33bb.pdf?index=true
- https://9c02055e-7dac-4cf4-a8e8-cde7801bdc70.filesusr.com/ugd/24853a_6689f704dce74aa8ad014a10918c699f.pdf?index=true
- https://a74688c3-8486-4eee-90ab-8ecdf9f3fdb6.filesusr.com/ugd/5bf82b_8b754883af7f4b07b1da7222bb027eb0.pdf?index=true
- https://eeb9d713-8b66-48a8-994e-886782a6bd18.filesusr.com/ugd/b30cf0_ddb1400be822481c8436dc67ba00f782.pdf?index=true
- https://982a5bf7-8700-458f-ab07-ddcbce04c21c.filesusr.com/ugd/4fea5c_adf8b0b67014459c922b21447ab3d0f6.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000592c.bin72da00cfca8c6e9cca6ca3be8db14c1530139279d5e4bb26b5f822409e16b77e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x592C | 5132 bytes |
font_01_sfnt_off00006a9c.bin62c1e898ef123aba24bb20bca60ad2b6fd3227dfee6c8f2f0ba89cae46c1e311 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A9C | 10412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.