MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link disguised as a download button, which redirects to a malicious URL. This URL is part of a link farm designed to distribute further malicious PDFs. The document body and heuristics indicate a lure for cracked software, with the primary malicious URL being https://ttraff.com/pify?keyword=accelerator+plus+10+crack.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=accelerator+plus+10+crack
- http://files.shopechters.com/uploads/1/3/0/7/130739528/dinubuwuxuxuriraxit.pdf
- http://files.letsleepingpigslie.com/uploads/1/3/0/9/130969489/votola.pdf
- http://files.upscaleresale4kids.com/uploads/1/3/1/3/131398406/a03f99578.pdf
- http://files.godswaytshirts.com/uploads/1/3/2/3/132302815/7c24d7928c8eda5.pdf
- https://cdn.shopify.com/s/files/1/0437/0425/4615/files/zijitavaw.pdf
- https://cdn.shopify.com/s/files/1/0431/5417/8216/files/lofulapewufinomameg.pdf
- https://cdn.shopify.com/s/files/1/0437/5370/1525/files/all_logic_gates_ic_numbers.pdf
- https://cdn.shopify.com/s/files/1/0432/8305/4757/files/13100118738.pdf
- https://cdn.shopify.com/s/files/1/0434/5217/0406/files/navivajebavelupu.pdf
- https://cdn.shopify.com/s/files/1/0437/8984/4641/files/amar_ujala_shimla_today.pdf
- https://cdn.shopify.com/s/files/1/0430/9562/1786/files/leweselizane.pdf
- https://cdn.shopify.com/s/files/1/0432/6051/0376/files/gorewojol.pdf
- https://cdn.shopify.com/s/files/1/0430/9614/6074/files/pomobivarunemoz.pdf
- https://cdn.shopify.com/s/files/1/0430/2556/3801/files/school_dance_rangers.pdf
- https://cdn.shopify.com/s/files/1/0427/7665/8087/files/cebada_propiedades_nutricionales.pdf
- https://cdn.shopify.com/s/files/1/0433/7824/5781/files/xslt_xml_to_json.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000686d.bine6c3f4449db8185c239fd2f30a9a6f6cf13708c7d86023c32936bd89f13c6536 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x686D | 4904 bytes |
font_01_sfnt_off0000791d.bin51ebeec29509b87aa858d500e37ac8853184703d07d1f913ce36d8e1dc7764c0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x791D | 1800 bytes |
font_02_sfnt_off000081ab.binfcf8bac1d5a184fb8fdccc5d52d292810950b451a57a4211aaf61a88db699a50 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x81AB | 10360 bytes |
font_03_sfnt_off0000a527.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA527 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.