MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with the primary link directing to a known malicious redirector. The document body, though heavily obfuscated, appears to be related to search terms for 'Cours vba excel 2016 pdf', suggesting a lure to a malicious site. The heuristic 'PDF_MALICIOUS_REDIRECTOR_LINK' confirms the presence of a link to malicious infrastructure.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/wb?keyword=cours%20vba%20excel%202016%20pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007b05.bin 614601114bea3bf70892d77a039af6cf1fddad2b0008b07ffa8a96a2b2a6b632 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B05 | 5568 bytes |
| font_01_sfnt_off00008e16.bin 6e7f55a1a3a8d1faa6053c38f9c615ec810320e58409217733c48fbc279ca9d6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E16 | 11612 bytes |