MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, identified as a PDF SEO link farm. One of these links, 'https://ttraff.cc/pify?keyword=pharmacy+wall+charts', points to a known malicious redirector. The document body, though partially corrupted, also contains this URL, suggesting the primary intent is to redirect users to malicious content through a deceptive link farm.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=pharmacy+wall+charts
- http://files.betweenheavenandearth.org/uploads/1/3/1/8/131857650/xenere_sikarazas_fosafi.pdf
- http://files.shoparworkshopbelmont.com/uploads/1/3/1/3/131379353/dd6d33712d411b9.pdf
- http://files.graemepickles.com/uploads/1/3/1/4/131407445/9857976.pdf
- http://files.royalqueendom.com/uploads/1/3/0/8/130813827/7066829.pdf
- http://files.aimdesignsgifts.com/uploads/1/3/0/7/130739340/968392.pdf
- https://pekimovaw.files.wordpress.com/2020/07/gupiwozajejatubero.pdf
- https://xokumawuv.files.wordpress.com/2020/06/25069677562.pdf
- https://gufakiv.files.wordpress.com/2020/06/7300503785.pdf
- https://vipikewef.files.wordpress.com/2020/07/xovikelubobabedomibibaxal.pdf
- https://fuxofifusod.files.wordpress.com/2020/06/bomeseri.pdf
- https://woxujobeza.files.wordpress.com/2020/06/vagejedalejegomija.pdf
- https://tatadakijafi440268210.files.wordpress.com/2020/07/58546370525.pdf
- https://jarajabeduxe.files.wordpress.com/2020/07/40239469484.pdf
- https://fiwukezebara.files.wordpress.com/2020/06/87140078345.pdf
- https://mowesafubi.files.wordpress.com/2020/07/63142606644.pdf
- https://cdn.shopify.com/s/files/1/0428/7250/4483/files/32963350051.pdf
- https://cdn.shopify.com/s/files/1/0433/0268/2789/files/43548610234.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/dejotoxirebogoro.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/nexunalazuzifoginiwaboliz.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/jatebilebasa.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/jenodilibaxu.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/pejuzesuloroxutebed.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000065fa.bina813a90ae1d9a412c8fada701dad0f9b9a40a48c9cd9999480962e10b30dbb67 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x65FA | 4640 bytes |
font_01_sfnt_off000075bb.bina0b9b33ad5e2796c0487df30b9413cec535b4797a7f10c244d6ef5c2306ffa15 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x75BB | 10028 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.