MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous embedded links, with a critical heuristic firing for a malicious redirector. The document body, though heavily obfuscated, contains text related to 'cell line culture protocol pdf' and the malicious URL 'https://ttraff.cc/pify?keyword=cell+line+culture+protocol+pdf'. This suggests the document is designed to trick users into clicking the malicious link, likely leading to a phishing page or malware download. The presence of many benign-looking Shopify links is likely a tactic to obscure the malicious redirector.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=cell+line+culture+protocol+pdf
- http://files.glocesterlibraries.org/uploads/1/3/1/3/131378776/3098917.pdf
- http://pomigo.householdarchaeology.org/uploads/1/3/0/7/130739777/puzaraxu_sevorij_baxibuxud_xezevekevox.pdf
- http://files.cbdpainters.net/uploads/1/3/1/4/131483281/ebcfac.pdf
- http://kosik.leticiahuerta.com/uploads/1/3/1/8/131871699/zapuxodoxutes.pdf
- https://cdn.shopify.com/s/files/1/0436/7443/5737/files/analog_storage_oscilloscope.pdf
- https://cdn.shopify.com/s/files/1/0434/6200/0806/files/20446047433.pdf
- https://cdn.shopify.com/s/files/1/0434/1779/6770/files/java_code_for_tic_tac_toe.pdf
- https://cdn.shopify.com/s/files/1/0448/2033/2705/files/erlang_web_servers.pdf
- https://cdn.shopify.com/s/files/1/0435/1095/6196/files/telecharger_carte_geographique_du_monde.pdf
- https://cdn.shopify.com/s/files/1/0429/6772/8279/files/generation_z_consumer_behavior.pdf
- https://cdn.shopify.com/s/files/1/0432/2469/4942/files/vonuvogaxabe.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/vuvitew.pdf
- https://cdn.shopify.com/s/files/1/0432/9639/1323/files/15343025476.pdf
- https://cdn.shopify.com/s/files/1/0431/4251/2802/files/91335639736.pdf
- https://cdn.shopify.com/s/files/1/0430/2117/2897/files/midoz.pdf
- https://cdn.shopify.com/s/files/1/0430/6026/5117/files/jalolofusojomi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006b2a.bin77e01556d475f45cb300aeefd17f9c4290944c285523bac79204078403244843 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B2A | 4664 bytes |
font_01_sfnt_off00007b0d.binc084840ec124704a4548f6a560c9aa52378e393f3b94c1cdae38f6fdd514dc05 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B0D | 9940 bytes |
font_02_sfnt_off00009d1b.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D1B | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.