MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous links, many of which point to a link farm hosted on strikinglycdn.com, and one critical link directs to a known malicious redirector. The document body, though heavily obfuscated, contains the URL for the malicious redirector, suggesting a lure to download further malicious content. No scripts were extracted from this sample.
Heuristics 4
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON). Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://cctraff.ru/strik?keyword=capitaes+da+areia+pdf+download
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000055ee.bin f2e44164e3ecb6a87352079da0a38c32a865e1bad084ff0b4d27902a03e1a71f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x55EE | 5032 bytes |
| font_01_sfnt_off00006728.bin 8b4786516f333538a1fbc89f6f77f9be3e5ef44d7e8d768435959ad5472db3f8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6728 | 10064 bytes |