MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of embedded links, many of which point to external PDF files hosted on various platforms. One of the primary links, https://cctraff.ru/strik?keyword=astrology+101+kathleen+sears+pdf, is identified as a malicious redirector. The document's structure and the presence of numerous links suggest a tactic to distribute malicious content or lead users to phishing sites, leveraging SEO link farm techniques.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/strik?keyword=astrology+101+kathleen+sears+pdf
- https://site-1037054.mozfiles.com/files/1037054/xifisov.pdf
- https://site-1036659.mozfiles.com/files/1036659/73791718422.pdf
- https://site-1037191.mozfiles.com/files/1037191/zamofugobovotitetet.pdf
- https://site-1037240.mozfiles.com/files/1037240/gabelizemidotufofafe.pdf
- http://files.legacysportsphx.com/uploads/1/3/0/7/130738998/xinedida.pdf
- http://lazalit.hccbillings.org/uploads/1/3/1/4/131409090/1097836.pdf
- http://xegej.ufdp.net/uploads/1/3/1/8/131857419/73251.pdf
- http://fotoxavi.stjoespdr.org/uploads/1/3/1/8/131871609/buwebopatejowimobuti.pdf
- https://site-1037164.mozfiles.com/files/1037164/26149255429.pdf
- https://site-1037180.mozfiles.com/files/1037180/lelapivi.pdf
- https://site-1036929.mozfiles.com/files/1036929/folifiliwuliradozebusax.pdf
- https://site-1036872.mozfiles.com/files/1036872/73366040094.pdf
- https://uploads.strikinglycdn.com/files/1af93968-96a6-4498-b693-78281f99f232/zusupanine.pdf
- https://uploads.strikinglycdn.com/files/2af0b53d-5e1c-41bd-8748-22a274bf9271/zufokukimerikelokemud.pdf
- https://uploads.strikinglycdn.com/files/71b7f8d1-7bfa-4800-b891-c91e611f9c62/delulupuzelav.pdf
- https://uploads.strikinglycdn.com/files/d7931538-5701-4e3a-9bf4-d39416949f5d/zuwajekober.pdf
- https://uploads.strikinglycdn.com/files/e0095544-8b73-4fdb-a61b-36e6dd598c28/regaxoj.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007f94.binb2de88ae158fd64c7322f78ba4f91e72334f76b67fe3e5e901cdcaf0f0768cb8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F94 | 5652 bytes |
font_01_sfnt_off000092e5.bin3390d983dd555cfba78afdb593f6bf6028fb55b26efede14085e17e578403a07 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x92E5 | 10040 bytes |
font_02_sfnt_off0000b559.binf556fde67bc11cc16b003e9b57d953562b3481761f4ba7aaa2944500bf0acf23 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB559 | 16188 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.