MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass external PDF link farm, with many links pointing to Shopify domains, likely for SEO manipulation. One prominent link, disguised as educational material, redirects through a known malicious redirector. The document body, though heavily obfuscated, contains the URL that leads to the malicious redirector, suggesting a lure to trick users into visiting potentially harmful sites.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Remote-support tool lure high SE_REMOTE_SUPPORT_LUREDocument instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=arithmetic+progression+class+11+ncert+solutions+pdf
- http://files.landmark-mgmt.com/uploads/1/3/2/6/132681928/tajufoliludoz.pdf
- http://files.mrscbiology.com/uploads/1/3/1/0/131070374/sewovomujugatev_lanajigo_zajajilewu.pdf
- http://files.mitchlangcaster-james.com/uploads/1/3/1/3/131397946/kafeferub_gusajulawokil_nozumibevun_kapezizasapi.pdf
- http://files.lauraberry.co.uk/uploads/1/3/1/6/131606208/204713.pdf
- http://files.jennkarrasdesigns.com/uploads/1/3/2/6/132695586/e531f6bac4b98.pdf
- https://cdn.shopify.com/s/files/1/0436/7086/4037/files/18390000519.pdf
- https://cdn.shopify.com/s/files/1/0438/1802/5122/files/united_airlines_mechanic_contract.pdf
- https://cdn.shopify.com/s/files/1/0437/2817/5255/files/renituvowujatapomu.pdf
- https://cdn.shopify.com/s/files/1/0429/1274/3591/files/bamesexowujevatawoza.pdf
- https://cdn.shopify.com/s/files/1/0428/7388/0739/files/34301212712.pdf
- https://cdn.shopify.com/s/files/1/0433/2149/1621/files/24670637051.pdf
- https://cdn.shopify.com/s/files/1/0437/6703/8106/files/12851564022.pdf
- https://cdn.shopify.com/s/files/1/0430/8749/5321/files/halo_combat_evolved_sehs.pdf
- https://cdn.shopify.com/s/files/1/0433/7998/2492/files/1760157961.pdf
- https://cdn.shopify.com/s/files/1/0440/2210/4222/files/70671256929.pdf
- https://cdn.shopify.com/s/files/1/0436/9947/0486/files/teamviewer_commercial_use_detected.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000bd85.bin31be1dce4a8bbd8eeab6b22a8335e42f733bc9fbd5ebddad5a679c01923a5ff5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBD85 | 5612 bytes |
font_01_sfnt_off0000d077.bind321d3044618995833d0c7723c5c8ade4f66af97a58712b342b5a9f456f991ee |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD077 | 14068 bytes |
font_02_sfnt_off0000fc99.bince48f97c29a7c9541e147a2af0edb82e5f9a3a060b863b0c30f857897f71e990 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC99 | 16200 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.