Verdict: MALICIOUS
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Link (the label "Spearphishing Attachment" belongs to T1566.001; the behaviour described below, a user-clicked link into a redirect chain, is the link sub-technique)
T1059.001 PowerShell (no script, macro or command-line evidence appears in the heuristics below; this mapping is not supported by the findings on this page)
The PDF carries a large number of clickable link annotations, a pattern used for SEO poisoning and for steering users into redirect chains. The critical finding is a link to known malicious redirector infrastructure at 'https://ttraff.ru/wb?keyword=intelligent%20solar%20charge%20controller%20user%20manual'; the keyword parameter matches the document's partially corrupted body text about a solar charge controller user manual, which is the search-term lure the file is built around. The remaining links point at further PDFs, most of them on cdn.shopify.com; any one such link may be benign, but a small PDF whose external links cluster on a single host is the link-farm carrier pattern. The heuristics fired on link annotations only; no parser exploit, script or macro is reported, so the risk lies in the redirect chain the links lead into rather than in rendering the file, and the actionable indicators are the redirector host and the URL set.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents rely on user interaction and redirect chains rather than a PDF parser vulnerability, so the indicator to block is the redirector host, not the document's structure.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URLs:
- https://ttraff.ru/wb?keyword=intelligent%20solar%20charge%20controller%20user%20manual
- http://files.sweettearestaurant.com/uploads/1/3/0/9/130969798/tiregu-dazutobewezir.pdf
- http://files.chestervt.gov/uploads/1/3/0/7/130738562/f1ca2849c636.pdf
- http://files.288sportsottawa.com/uploads/1/3/0/8/130814682/dugatazinarilik-bedagewisu-dogudesufeje-nirevolafe.pdf
- http://files.kickstart-hr.com/uploads/1/3/0/8/130814176/bepejusorido.pdf
- http://files.medicalimagingindia.com/uploads/1/3/0/7/130776152/6563714.pdf
- https://cdn.shopify.com/s/files/1/0430/9227/9445/files/15231251257.pdf
- https://cdn.shopify.com/s/files/1/0430/9798/1082/files/84592063667.pdf
- https://cdn.shopify.com/s/files/1/0431/5126/1853/files/fugisolusozikosesasokit.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/71409998288.pdf
- https://cdn.shopify.com/s/files/1/0429/4295/5687/files/68061420764.pdf
- https://cdn.shopify.com/s/files/1/0432/7102/8896/files/xusawej.pdf
- https://cdn.shopify.com/s/files/1/0433/4052/9816/files/80399405452.pdf
- https://cdn.shopify.com/s/files/1/0430/0718/0954/files/46511397736.pdf
- https://cdn.shopify.com/s/files/1/0427/5427/7532/files/fejer.pdf
- https://cdn.shopify.com/s/files/1/0435/3658/0757/files/46224883426.pdf
- https://cdn.shopify.com/s/files/1/0431/2127/9137/files/sinevuzuwuvilovoribeti.pdf
- https://cdn.shopify.com/s/files/1/0434/3077/2901/files/munuregadojibot.pdf
- https://cdn.shopify.com/s/files/1/0429/9977/5381/files/lumivakoxi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
The last six entries are XML namespace identifiers (RDF, Dublin Core and the Adobe PDF/XMP schemas) from the document's XMP metadata stream, not clickable links; they appear in any PDF that carries XMP metadata and carry no signal on their own.
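The two critical heuristics are simple enough to reproduce. The following is an added example written for this page, not the analyzer's own code: it pulls every /URI link-annotation target out of a PDF (including annotations hidden inside FlateDecode object streams), ignores XMP namespace URIs because they are never /URI values, then applies a known-redirector check and a small-file link-clustering check. The redirector host (ttraff.ru, taken from this report), the thresholds (64 KiB, 10 links, half of them on one host) and the in-memory sample PDF it builds are assumptions for the example; the sample reuses a few URLs from the list above and constructs the rest.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Assumptions for this example: the redirector host comes from the report above (a real
# pipeline would use an indicator feed) and the link-farm thresholds are illustrative.
KNOWN_REDIRECTOR_HOSTS = {"ttraff.ru"}
SMALL_PDF_BYTES, MIN_EXTERNAL_LINKS, CLUSTER_RATIO = 64 * 1024, 10, 0.5

# A /URI value is either a literal string "(...)" (backslash escapes allowed) or a hex
# string "<...>". Only /URI keys count: xmlns= URIs inside XMP metadata never match.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\[\s\S]|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
_STREAM_RE = re.compile(rb"stream\r?\n([\s\S]*?)\r?\nendstream")

def _decode_literal(raw: bytes) -> str:
    r"""Decode a PDF literal string body: \\ \( \) \n \r \t \b \f and \ddd octal escapes."""
    simple = {ord("n"): 10, ord("r"): 13, ord("t"): 9, ord("b"): 8, ord("f"): 12}
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != 0x5C or i + 1 == len(raw):          # plain byte (or dangling backslash)
            out.append(raw[i]); i += 1; continue
        m = re.match(rb"[0-7]{1,3}", raw[i + 1:])        # up to three octal digits
        if m:
            out.append(int(m.group(), 8) & 0xFF); i += 1 + len(m.group())
        else:                                            # named escape or escaped delimiter
            out.append(simple.get(raw[i + 1], raw[i + 1])); i += 2
    return out.decode("latin-1")

def _inflated_streams(data: bytes):
    """Plaintext of every FlateDecode stream; object streams hide link annots in there."""
    for m in _STREAM_RE.finditer(data):
        try:                                             # decompressobj tolerates a stray EOL byte
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:                               # fonts, images, XMP: not zlib, skip
            pass

def extract_link_uris(pdf_bytes: bytes) -> list:
    """All /URI targets: raw objects first, then those inside compressed object streams."""
    uris = []
    for blob in [pdf_bytes, *_inflated_streams(pdf_bytes)]:
        for m in _URI_RE.finditer(blob):
            if m.group(1) is not None:
                uris.append(_decode_literal(m.group(1)))
            else:
                hexs = re.sub(rb"\s", b"", m.group(2))
                hexs += b"0" * (len(hexs) % 2)           # odd-length hex string: pad per spec
                uris.append(bytes.fromhex(hexs.decode()).decode("latin-1"))
    return uris

def assess(pdf_bytes: bytes) -> dict:
    """Apply the report's two link heuristics to a PDF and return the evidence."""
    uris = extract_link_uris(pdf_bytes)
    external = [u for u in uris if urlparse(u).scheme in ("http", "https")]
    hosts = Counter(urlparse(u).hostname or "" for u in external)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    findings = []
    hits = sorted(h for h in hosts if h in KNOWN_REDIRECTOR_HOSTS)
    if hits:
        findings.append(("PDF_MALICIOUS_REDIRECTOR_LINK", "critical", hits))
    if (len(pdf_bytes) <= SMALL_PDF_BYTES and len(external) >= MIN_EXTERNAL_LINKS
            and top_n / len(external) >= CLUSTER_RATIO):
        findings.append(("PDF_SEO_LINK_FARM", "critical", [top_host]))
    return {"uris": uris, "external": len(external), "top_host": top_host, "findings": findings,
            "top_share": round(top_n / len(external), 2) if external else 0.0}

def build_sample_pdf() -> bytes:
    """Constructed sample, not the analysed file: twelve link annotations (six inside a
    FlateDecode object stream) and an XMP stream whose xmlns URIs must not be counted."""
    links = [
        "https://ttraff.ru/wb?keyword=intelligent%20solar%20charge%20controller%20user%20manual",
        "http://files.sweettearestaurant.com/uploads/1/3/0/9/130969798/tiregu-dazutobewezir.pdf",
        "http://files.chestervt.gov/uploads/1/3/0/7/130738562/f1ca2849c636.pdf",
        "http://files.kickstart-hr.com/uploads/1/3/0/8/130814176/bepejusorido.pdf",
    ] + [f"https://cdn.shopify.com/s/files/1/043{i}/9227/9445/files/{i}.pdf" for i in range(8)]
    link_dict = "<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI {} >> >>"
    direct = [f"4 0 obj {link_dict.format('<' + links[0].encode().hex() + '>')} endobj\n"]  # hex form
    direct += [f"{5 + i} 0 obj {link_dict.format(f'({u})')} endobj\n" for i, u in enumerate(links[1:6])]
    inner = [link_dict.format(f"({u})") + "\n" for u in links[6:]]
    header = " ".join(f"{20 + i} {sum(map(len, inner[:i]))}" for i in range(len(inner))) + "\n"
    data = zlib.compress((header + "".join(inner)).encode())
    objstm = (f"10 0 obj << /Type /ObjStm /N 6 /First {len(header)} /Length {len(data)} "
              f"/Filter /FlateDecode >>\nstream\n").encode() + data + b"\nendstream endobj\n"
    xml = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"'
           b' xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></x:xmpmeta>')
    xmp = f"11 0 obj << /Type /Metadata /Subtype /XML /Length {len(xml)} >>\nstream\n".encode() + xml + b"\nendstream endobj\n"
    page = "3 0 obj << /Type /Page /MediaBox [0 0 200 200] /Annots [{}] >> endobj\n".format(
        " ".join(f"{n} 0 R" for n in [*range(4, 10), *range(20, 26)]))
    # No xref table or catalog: the scanner never uses them, and the sample stays short.
    return b"%PDF-1.5\n" + page.encode() + "".join(direct).encode() + objstm + xmp + b"%%EOF\n"

if __name__ == "__main__":
    r = assess(build_sample_pdf())
    print(r["external"], "external /URI links;", r["top_host"], "share", r["top_share"])
    for name, severity, evidence in r["findings"]:
        print(f"[{severity}] {name}: {evidence}")
```

Run on the constructed sample it reports 12 external links, cdn.shopify.com holding 0.67 of them, and both critical findings; the w3.org and ns.adobe.com namespace URIs in the XMP stream are not returned because they are attribute values, not /URI keys. The object-stream inflation matters in practice: modern PDF writers put annotation dictionaries in compressed object streams, and a grep over the raw file misses them entirely.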
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00004e1e.bin | 1737624550226df259d7f97306261e0a3c77ed9ddbed9a87a66d6d64df751f6d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E1E | 5152 bytes |
| font_01_sfnt_off00005f7e.bin | bde64350d19b0f97fc55a325481005364907470f141a023f0b5a643dd09612c9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F7E | 11748 bytes |