MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.cc/pify?keyword=university+calculus+early+transcendentals+2nd+edition+solutions+manual+pdf'. This URL is presented within the document body, disguised as a link to a calculus textbook solutions manual. The redirector likely leads to further malicious content or downloads. The PDF also exhibits characteristics of a link farm, with numerous embedded URLs, many hosted on Shopify, suggesting an attempt to distribute malicious links broadly.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=university+calculus+early+transcendentals+2nd+edition+solutions+manual+pdf
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00018cc6.bin 1ac927e3904aa8e0852c6a7ce9344c9ed800ec358a5ba35988560d44dfeb6e7f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18CC6 | 5468 bytes |
| font_01_sfnt_off00019f4f.bin ec18ae3cd523c5a681fd1de7a02a568dcb88337a4f8c71d3c41e9cf77ec37309 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19F4F | 17788 bytes |
| font_02_sfnt_off0001d6da.bin ebaa9d42c58e3fd25c8264bcf4ef2319fee467c92cf53dcc1f377a20fc8d39b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D6DA | 16148 bytes |
| font_03_sfnt_off0001ebd2.bin 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1EBD2 | 4324 bytes |