MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic match for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it points to known malicious infrastructure. The document body and embedded URLs suggest a lure related to 'apics cscp exam questions'. The PDF also exhibits characteristics of a link farm, with numerous external links, many hosted on cdn.shopify.com. The primary malicious IOC is the redirector URL, which is likely used to deliver a secondary payload.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/pify?keyword=apics+cscp+exam+questions
- http://files.exercisewithtracy.co.uk/uploads/1/3/0/8/130874240/39d131d0bf7f79.pdf
- http://webudilo.831.delivery/uploads/1/3/0/8/130815137/bufuja.pdf
- https://cdn.shopify.com/s/files/1/0429/5039/4019/files/35416642210.pdf
- https://cdn.shopify.com/s/files/1/0431/4578/9600/files/doreruni.pdf
- https://cdn.shopify.com/s/files/1/0440/4012/6614/files/89567915402.pdf
- https://cdn.shopify.com/s/files/1/0438/1822/1730/files/16324466889.pdf
- https://cdn.shopify.com/s/files/1/0466/6694/0581/files/angard_staffing_holiday_request_form.pdf
- https://cdn.shopify.com/s/files/1/0437/7939/1646/files/auditoria_ambiental_ejemplo_pdf.pdf
- https://cdn.shopify.com/s/files/1/0436/8482/3205/files/linear_algebra_system_of_linear_equations.pdf
- https://cdn.shopify.com/s/files/1/0430/0141/3785/files/bricked_android_not_detected_by_pc.pdf
- https://cdn.shopify.com/s/files/1/0433/7539/4977/files/kathanayakudu_ntr_telugu_movie_songs_free.pdf
- https://cdn.shopify.com/s/files/1/0433/5543/9263/files/88309105781.pdf
- https://cdn.shopify.com/s/files/1/0431/2186/8960/files/22285925499.pdf
- https://cdn.shopify.com/s/files/1/0438/6488/3355/files/72495008912.pdf
- https://cdn.shopify.com/s/files/1/0431/3638/5175/files/exerccio_tabela_peridica.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006205.bin18241a24bd2509e5e8d83a5d39a4ace20cb297ae4c431287b87c2e326cc66b8a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6205 | 5132 bytes |
font_01_sfnt_off00007371.bine9eb23fe83cd4649cded7a980bf9ebdb398ecba933cf95bb34f6994252a2d520 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7371 | 10528 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.