Verdict: MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a link farm and a critical heuristic firing for a malicious redirector. The document body, though heavily obfuscated, contains a URL that appears to be a lure for a 'carprofen safety data sheet'. This URL redirects to a known malicious domain. The presence of numerous PDF links suggests an attempt to manipulate search engine results or distribute further malicious content.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=carprofen+safety+data+sheet
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cca1.bin e1051b3776acb52ef4e89f6e005288b6fc899bb82e2bad8c75dd8ae91435a844 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCCA1 | 5104 bytes |
| font_01_sfnt_off0000ddfc.bin 0022ad9420fa28cd106829ac3f0b3c2b2028832f5603b81dab8ccdd6ee6cb2bf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDDFC | 10740 bytes |
| font_02_sfnt_off000102d5.bin 2fbb528c30fae61c70ff4082faa5fece981988df10abad1a91cab371b780b9de | pdf-font-stream | PDF embedded font (sfnt) at offset 0x102D5 | 16192 bytes |