MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a deceptive link presented as a download for "Microbiology bauman pdf download". This link, along with numerous other embedded links, redirects to known malicious infrastructure. The presence of a visual download button further supports a social engineering lure. No scripts were extracted, but the primary malicious activity is the redirection to a malicious URL.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=microbiology+bauman+pdf+download
- http://files.abandcalledalexis.com/uploads/1/3/1/8/131871980/xodepotefa_ralozo_zilegemaker_momitanokuwupip.pdf
- http://befovu.dralisonpt.com/uploads/1/3/1/4/131406352/4de741ef8.pdf
- http://nabagav.pharmavetsa.com/uploads/1/3/1/6/131606457/f7046f08.pdf
- https://cdn.shopify.com/s/files/1/0432/0677/0849/files/45948985160.pdf
- https://cdn.shopify.com/s/files/1/0428/8544/7833/files/labunivatobulobopigu.pdf
- https://cdn.shopify.com/s/files/1/0429/9948/0473/files/today_s_burlington_nc_weather_report.pdf
- https://cdn.shopify.com/s/files/1/0429/5481/7690/files/special_request_chit_navy_2011.pdf
- https://cdn.shopify.com/s/files/1/0486/9101/9926/files/currency_exchange_chase_bank.pdf
- https://cdn.shopify.com/s/files/1/0430/9070/6589/files/83885081457.pdf
- https://cdn.shopify.com/s/files/1/0484/7088/4502/files/pre_reading_anticipation_guide_a_raisin_in_the_sun.pdf
- https://cdn.shopify.com/s/files/1/0433/9079/5941/files/anti_formiche_piante.pdf
- https://cdn.shopify.com/s/files/1/0432/0670/5312/files/27791858863.pdf
- https://cdn.shopify.com/s/files/1/0430/6052/7253/files/gobarapazofafasabuwumane.pdf
- https://cdn.shopify.com/s/files/1/0434/4253/6598/files/71151489716.pdf
- https://cdn.shopify.com/s/files/1/0431/4375/7992/files/7678080731.pdf
- https://cdn.shopify.com/s/files/1/0438/6911/0432/files/86743896082.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006b9f.bin619ef88af71fa8d897c48d006247ef35c8c13f89500f9f9b4085854e824e38b5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B9F | 5636 bytes |
font_01_sfnt_off00007ed8.bin5fda91117504aa90d432ab7447b468823ac4db465fdb88323bcdef9cf9a5da93 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7ED8 | 10636 bytes |
font_02_sfnt_off0000a363.binf12bcc42cb143e9cc41a08ef9f9c81c8a36c017982c073a20263204097028d61 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA363 | 16100 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.