MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to a critical heuristic firing for a malicious redirector link. It also contains a large number of external links, suggesting a link farm for SEO manipulation or to distribute malicious content. The primary malicious URL identified is https://ttraff.link/wix?keyword=samsung+slide+phone+2009, which likely leads to a phishing or malware delivery site.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=samsung+slide+phone+2009
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000621b.bin 030f7b3eb77c1eae5abbccd9d90904254bcd5282895d1356d7f4480cf3cc2a15 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x621B | 5808 bytes |
| font_01_sfnt_off000075b3.bin d83bb7662a7325de4f414184cabe6eeed4a4e7feeb2b111c68f5c60231a73f3a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75B3 | 10240 bytes |