MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains multiple embedded URLs, with one identified as a malicious redirector. The heuristic 'PDF_MALICIOUS_REDIRECTOR_LINK' indicates a link to 'https://ttraff.cc/pify?keyword=avatar+movie++in+telugupalaka', which is likely used to obscure the final malicious destination. The presence of a 'SE_DOWNLOAD_BUTTON' heuristic and the document body containing a call-to-action phrase further support the lure-based attack pattern. The file is likely a downloader or part of a phishing campaign.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=avatar+movie++in+telugupalaka
- http://vesukix.serepartners.com/uploads/1/3/1/3/131383726/suluzidof.pdf
- https://cdn.shopify.com/s/files/1/0429/6107/6387/files/comment_apprendre_l_anglais_facilement.pdf
- https://cdn.shopify.com/s/files/1/0440/0542/5310/files/vovegukesuxovizid.pdf
- https://cdn.shopify.com/s/files/1/0431/7492/0347/files/12589090614.pdf
- https://cdn.shopify.com/s/files/1/0434/6540/8662/files/55459120220.pdf
- https://cdn.shopify.com/s/files/1/0435/7311/7096/files/spell_check_online_free.pdf
- https://cdn.shopify.com/s/files/1/0427/6636/8935/files/83605448967.pdf
- https://cdn.shopify.com/s/files/1/0430/0655/8359/files/adb_driver_samsung_s4.pdf
- https://cdn.shopify.com/s/files/1/0434/0704/8860/files/vomegadalepijufudak.pdf
- https://cdn.shopify.com/s/files/1/0430/9726/0192/files/93188325552.pdf
- https://cdn.shopify.com/s/files/1/0428/1935/4791/files/business_administration_definition.pdf
- https://cdn.shopify.com/s/files/1/0437/2702/8375/files/lowrance_elite_4_manual.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000797d.bin51742b4c4a82820dace59c57e6fad2914acd5798dfba13aeeeb4c3da9b0d6b20 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x797D | 3904 bytes |
font_01_sfnt_off0000874e.bin419759fc4e93b5ba259813159e9c8f44c707027b608799819fe2edfccc4ec2a4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x874E | 5076 bytes |
font_02_sfnt_off00009880.bin9b803b1c5b35f22e41bfd555e2319a49fbc234a876f96b8fc1c0db3b0c9bf84a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9880 | 6800 bytes |
font_03_sfnt_off0000ac6c.bin43a72db2a2a893d6d90c198a84547a8060f5d491c30493c93271322536c92856 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAC6C | 7268 bytes |
font_04_sfnt_off0000c253.bin41d2e207d72923ecf1886c101532c2458bec5b882e0e259e529eaabe337bba33 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC253 | 12196 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.