MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to external resources, a technique often used for SEO link farming or to obscure malicious destinations. One critical heuristic identified a link to a known malicious redirector infrastructure at 'https://ttraff.ru/pify?keyword=basic+civil+engineering+pdf+notes'. The document body, though partially corrupted, contains text suggesting it is a lure for 'basic civil engineering pdf notes', intended to trick users into clicking the malicious link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=basic+civil+engineering+pdf+notes
- http://files.auburnhighfootball.com/uploads/1/3/1/3/131384635/lopokuvudu.pdf
- http://files.whereisthebrightline.com/uploads/1/3/0/8/130814774/delewavuvet.pdf
- http://files.offenhauslive.com/uploads/1/3/1/8/131856195/tuteg.pdf
- http://files.yogaterrium.com/uploads/1/3/1/1/131163943/4709747.pdf
- http://files.kofcstarofthesea.com/uploads/1/3/1/3/131379594/dawujatotodusinitif.pdf
- https://cdn.shopify.com/s/files/1/0431/5453/8656/files/vw_jetta_transmissions.pdf
- https://cdn.shopify.com/s/files/1/0430/9401/6157/files/wujas.pdf
- https://cdn.shopify.com/s/files/1/0431/2668/5858/files/xabuzajegabatetewapawa.pdf
- https://cdn.shopify.com/s/files/1/0431/5840/5274/files/gozazulonase.pdf
- https://cdn.shopify.com/s/files/1/0438/9571/8040/files/79706461794.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/48675385277.pdf
- https://cdn.shopify.com/s/files/1/0438/8143/1195/files/xisuxutapisakuwa.pdf
- https://cdn.shopify.com/s/files/1/0430/1937/0659/files/fowezogikafumoganorixakun.pdf
- https://cdn.shopify.com/s/files/1/0430/0976/9631/files/javascript_compare_array.pdf
- https://cdn.shopify.com/s/files/1/0433/4115/2406/files/6445312335.pdf
- https://cdn.shopify.com/s/files/1/0428/7794/3967/files/journal_quotidien_el_watan.pdf
- https://cdn.shopify.com/s/files/1/0431/9903/7595/files/47376268974.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000045d6.bin2d581c889785b37ec613f6a81b3f0b0469dc2ab4c4c2c9282ee78c7264396345 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x45D6 | 5432 bytes |
font_01_sfnt_off00005869.bin211eb86cab5bd39d5cf4724bf5dfe0882340bc695062779b62d9fa37db114d84 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5869 | 9984 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.