MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a redirector URL, which is a common tactic for phishing and scam campaigns. The document body, though heavily obfuscated, contains keywords related to Android phones and Xiaomi devices, suggesting a lure to entice clicks. The PDF also contains a large number of external links, many pointing to Shopify domains, which is indicative of a link farm used to distribute malicious content or for SEO manipulation.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=android+one+%25D0%25BD%25D0%25B0+xiaomi+redmi+note+4x
- https://cdn.shopify.com/s/files/1/0431/5801/2068/files/mifeguwukil.pdf
- https://cdn.shopify.com/s/files/1/0434/0308/3930/files/kovokeletede.pdf
- https://cdn.shopify.com/s/files/1/0431/0361/7173/files/rurijukur.pdf
- https://cdn.shopify.com/s/files/1/0431/8350/5562/files/healthy_relationship_boundaries_worksheets.pdf
- https://cdn.shopify.com/s/files/1/0439/1842/6267/files/ssc_stenographer_old_paper.pdf
- https://static.usrfiles.com/ugd/ea5d7b_17ddff58aa644f89870767150d58c61e.pdf
- https://static.usrfiles.com/ugd/66c878_44888453c9384b378adbf375564184b9.pdf
- https://static.usrfiles.com/ugd/1df9ea_8f315daa08cc46de9490866df92afbfa.pdf
- https://static.usrfiles.com/ugd/b8c837_8d82f48c52684b2cb2f4299c37467ed4.pdf
- https://static.usrfiles.com/ugd/b8c837_e3fd023897294987986df00c7fe39778.pdf
- https://static.usrfiles.com/ugd/b8c837_0155eac2e7b84841b4212094a8becbca.pdf
- https://static.usrfiles.com/ugd/f7fbc8_eb91a469f3a74ff79fafdcf71cdbcf0e.pdf
- https://static.usrfiles.com/ugd/b8c837_b3118e2f9e9b4b358d7ff7f947133adf.pdf
- https://cdn.shopify.com/s/files/1/0439/1147/9464/files/97722796450.pdf
- https://cdn.shopify.com/s/files/1/0432/6762/1028/files/chirutha_songs_free_telugu.pdf
- https://cdn.shopify.com/s/files/1/0432/7938/4736/files/numerical_analysis_sauer.pdf
- https://cdn.shopify.com/s/files/1/0434/3506/5510/files/bekilopumifotew.pdf
- https://cdn.shopify.com/s/files/1/0428/9432/7975/files/23204582395.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005e3a.bin33bf770651a13a5ceb1d47b4b72d3b9a827733f5a22170f88c90f21610cf0c11 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E3A | 5176 bytes |
font_01_sfnt_off00006f24.bine960b612a04bec0b9e0e15c7eaf0fddd61c46b04abfeb82f14c3942df8edd3ee |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F24 | 10604 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.