MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic specifically identifying it as a PDF link farm. The primary malicious URL, 'https://ttraff.ru/wix?keyword=ios+programming%253A+the+big+nerd+ranch+guide+6th', is flagged as a malicious redirector. While many other links point to benign Shopify domains, the presence of the malicious redirector and the sheer volume of links suggest a malicious intent, likely for SEO manipulation or to lead users to harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=ios+programming%253A+the+big+nerd+ranch+guide+6th
- https://cdn.shopify.com/s/files/1/0434/6963/5746/files/kabatolanux.pdf
- https://cdn.shopify.com/s/files/1/0430/8166/2628/files/dofufezuritipugetenig.pdf
- https://cdn.shopify.com/s/files/1/0434/2503/8498/files/16014834718.pdf
- https://cdn.shopify.com/s/files/1/0429/7375/7603/files/30649523759.pdf
- https://cdn.shopify.com/s/files/1/0436/9901/1738/files/mercedes_ml400_manual.pdf
- https://cdn.shopify.com/s/files/1/0430/8529/9876/files/tijipilovige.pdf
- https://cdn.shopify.com/s/files/1/0430/3729/4741/files/rulijez.pdf
- https://cdn.shopify.com/s/files/1/0435/6443/3569/files/12002492761.pdf
- https://cdn.shopify.com/s/files/1/0438/3778/4224/files/bixegugofuze.pdf
- https://cdn.shopify.com/s/files/1/0428/1116/2790/files/past_tense_vs_present_perfect_exercises.pdf
- https://static.usrfiles.com/ugd/b8c837_b62ce61e7b49492f9187ab3132f7c316.pdf
- https://static.usrfiles.com/ugd/b8c837_bfb518c5d59a49098f26597b10d0cccc.pdf
- https://static.usrfiles.com/ugd/b28561_72142f2aebeb4e5eba1ce1adccee9a29.pdf
- https://cdn.shopify.com/s/files/1/0433/4462/5822/files/campione_light_novel_volume_19.pdf
- https://cdn.shopify.com/s/files/1/0434/9083/6645/files/43283509990.pdf
- https://cdn.shopify.com/s/files/1/0434/6209/9097/files/7745580855.pdf
- https://cdn.shopify.com/s/files/1/0428/4288/2215/files/32975713580.pdf
- https://cdn.shopify.com/s/files/1/0428/4206/3004/files/67986561892.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000072be.bina01910f62bb8a6889b42596981ed9e9b52d0e4720a3aa3d1865c48643d1a8b96 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72BE | 5736 bytes |
font_01_sfnt_off0000860a.binf03b529a3fc1d5f3a965c35611440b72f193e3f46e077a147a1ff0b07fd4f79c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x860A | 14532 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.