MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to a known malicious redirector (ttraff.com). The document body, though heavily obfuscated, contains text related to 'fraction number line worksheets grade 4', suggesting a lure to disguise the malicious intent. The primary heuristic indicates the PDF links to known malicious redirector infrastructure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=fraction+number+line+worksheets+grade+4
- http://files.birdhousebaby.com/uploads/1/3/0/7/130740522/siniwuluzisu_mazogal.pdf
- http://rozitad.n2d.shop/uploads/1/3/1/0/131069839/ca21b60a7d.pdf
- https://cdn.shopify.com/s/files/1/0449/7784/8488/files/xibiz.pdf
- https://cdn.shopify.com/s/files/1/0428/1267/0111/files/afinador_de_guitarra_apk_android_2._3.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/97897646990.pdf
- https://cdn.shopify.com/s/files/1/0432/2790/6206/files/business_case_study_book.pdf
- https://cdn.shopify.com/s/files/1/0436/4340/4441/files/durasivizaxuzaledobikumap.pdf
- https://cdn.shopify.com/s/files/1/0434/3745/7574/files/80334855630.pdf
- https://cdn.shopify.com/s/files/1/0430/3686/8762/files/gifojur.pdf
- https://cdn.shopify.com/s/files/1/0428/8364/5599/files/90820824986.pdf
- https://cdn.shopify.com/s/files/1/0428/7633/8335/files/asa_guidelines_for_secondary_prevention_of_stroke.pdf
- https://cdn.shopify.com/s/files/1/0435/6187/7665/files/fifodesuwulogojas.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/29878061118.pdf
- https://cdn.shopify.com/s/files/1/0433/6071/4904/files/90984032347.pdf
- https://cdn.shopify.com/s/files/1/0428/9724/4316/files/11419703373.pdf
- https://cdn.shopify.com/s/files/1/0437/3417/1797/files/mojiw.pdf
- https://cdn.shopify.com/s/files/1/0428/6549/2127/files/didupejebevigupifem.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0428/9724/4316/files/11419703373
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008ce5.bina8deafd46f149f6e5f20769afa3ce26de55215571deea83560cad3aac327c5d3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8CE5 | 5692 bytes |
font_01_sfnt_off0000a026.bin744c36ecdee2253eb25184e493f302501458394c5218aa50a9d180020972ede3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA026 | 9712 bytes |
font_02_sfnt_off0000c1a6.binedc33fe94617b35fa5734827a91efdc9665031ac3a5a8b8018a6396f4204b3d2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC1A6 | 16116 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.