MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to Shopify-hosted PDF files. One of these links, https://ttraff.com/wix?keyword=1982+water+dog+2020, is identified as a malicious redirector. This suggests the document is part of a link farm or SEO poisoning campaign designed to lure users to malicious sites.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=1982+water+dog+2020
- https://cdn.shopify.com/s/files/1/0436/4802/4741/files/samsung_android_phone_20000.pdf
- https://cdn.shopify.com/s/files/1/0434/7009/4501/files/asbabun_nuzul.pdf
- https://cdn.shopify.com/s/files/1/0461/3655/7736/files/ios_alamofire_file.pdf
- https://cdn.shopify.com/s/files/1/0437/7539/3944/files/zomisegilafovefudokuto.pdf
- https://cdn.shopify.com/s/files/1/0438/1986/0125/files/dead_space_android_apk_uptodown.pdf
- https://cdn.shopify.com/s/files/1/0432/0333/0208/files/android_10_pixel_3_uk.pdf
- https://cdn.shopify.com/s/files/1/0432/4058/7431/files/soft_cartoon_photoshop_action_free.pdf
- https://cdn.shopify.com/s/files/1/0438/2579/1138/files/zevuxebolarowasifeza.pdf
- https://cdn.shopify.com/s/files/1/0429/3292/8671/files/tujiradogejokika.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/29883534071.pdf
- https://cdn.shopify.com/s/files/1/0433/3263/2730/files/cambridge_english_for_the_media_student_s_book.pdf
- https://cdn.shopify.com/s/files/1/0430/9755/5098/files/sony_vegas_pro_portable_32_bit_free_download.pdf
- https://cdn.shopify.com/s/files/1/0431/5657/0274/files/78223804932.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/duliwoledemovaj.pdf
- https://cdn.shopify.com/s/files/1/0431/5211/3820/files/baton_vape_manual.pdf
- https://487e2efa-8b3a-4c19-b088-d7eab8f485e8.filesusr.com/ugd/69695d_b6efb9b044db4badba983f0987557f53.pdf?index=true
- https://69139595-bf46-4b96-a60d-f2fb2ee2c9f5.filesusr.com/ugd/13ae68_2b06329fd47b485793ee1d853e6a4d2a.pdf?index=true
- https://f756b49d-beb6-4b68-9cea-0d485e821f1b.filesusr.com/ugd/9ea91e_9d2cff9976964184b4169f83f993445c.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000769a.bin67682d799d41369cf925f51470374807177e6b1aef1dcd1278deb1dbede4cc7c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x769A | 5060 bytes |
font_01_sfnt_off00008844.binc272242327195864952f82e6a6a595ce6b10bf6029cd9918d07406f46ca0b74f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8844 | 5456 bytes |
font_02_sfnt_off00009af4.binf7b236d512d2e02c821cdc6738fd2413230ba1235615a9afd043e8407f1c701e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9AF4 | 10660 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.