MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to external PDF files hosted on Shopify. One critical heuristic indicates that the document links to a known malicious redirector infrastructure. The primary lure appears to be a link disguised as a search result for 'new bollywood movies online free', which redirects through 'ttraff.cc'. This suggests a social engineering attack aiming to trick users into visiting malicious sites.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=new+bollywood+movies+online++free
- http://serofexe.eghsbandboosters.com/uploads/1/3/0/8/130814106/bexejeroxufajo.pdf
- http://files.shopkoco.com/uploads/1/3/2/6/132682813/gezafurefexafu-wikure-wexul-bozexozanok.pdf
- http://vojibires.jaycommunityrecreationalcentre.org/uploads/1/3/1/0/131069806/8787887.pdf
- http://files.darmatechnology.com/uploads/1/3/1/1/131164295/bolupuxogowuvolebu.pdf
- http://files.olliedudekplaysbass.com/uploads/1/3/2/8/132814303/3653073.pdf
- https://cdn.shopify.com/s/files/1/0431/7829/5450/files/vegirapa.pdf
- https://cdn.shopify.com/s/files/1/0431/5434/2042/files/video_song_dj.pdf
- https://cdn.shopify.com/s/files/1/0429/1769/1559/files/10368351713.pdf
- https://cdn.shopify.com/s/files/1/0433/5288/3352/files/33323461332.pdf
- https://cdn.shopify.com/s/files/1/0431/3907/2161/files/an_introduction_to_statistical_learning_python.pdf
- https://cdn.shopify.com/s/files/1/0429/9200/9379/files/30647815510.pdf
- https://cdn.shopify.com/s/files/1/0448/4002/6273/files/black_hawk_down_book_free_download.pdf
- https://cdn.shopify.com/s/files/1/0437/8905/8206/files/sosijevulepefizipuwa.pdf
- https://cdn.shopify.com/s/files/1/0434/3051/0742/files/xabutirofolagoxujolatowas.pdf
- https://cdn.shopify.com/s/files/1/0439/8910/6846/files/gds_pay_committee_report_today.pdf
- https://cdn.shopify.com/s/files/1/0431/8127/7342/files/xijikexikakem.pdf
- https://cdn.shopify.com/s/files/1/0439/2127/7096/files/bruice_organic_chemistry_solutions_manual.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007678.bin30bb1a4a771377478560492deb5564902867e052c94da3720bc4c20ba8fb67ec |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7678 | 5208 bytes |
font_01_sfnt_off00008831.bin0668a18d63d3bcb1b5e3b9dc92758f7afc181ca128d91a8f24a44b02019c4f6e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8831 | 10060 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.