MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged for containing a malicious redirector link and a large number of embedded external PDF links, indicating a link farm. The primary malicious URL identified is 'https://ttraff.cc/pify?keyword=marie+clay+running+record'. The document body appears to be corrupted or heavily obfuscated, preventing a clear understanding of its intended lure. The presence of numerous links suggests an attempt to distribute malicious content or phish users.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=marie+clay+running+record
- http://files.lisamaki.blog/uploads/1/3/0/7/130776518/955749.pdf
- http://files.evelineverhulst.nl/uploads/1/3/2/3/132302819/julupe.pdf
- http://files.madhopeblog.com/uploads/1/3/0/7/130739522/3911468.pdf
- http://files.d17teachers.com/uploads/1/3/1/4/131453943/tofujipasazetu.pdf
- http://files.magicandfun.co/uploads/1/3/1/3/131381712/gewinakem.pdf
- https://merifaja
- https://cdn.shopify.com/s/files/1/0432/6142/7867/files/24310330347.pdf
- https://cdn.shopify.com/s/files/1/0432/8023/6702/files/10980410453.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/3785448733.pdf
- https://merifajal.files.wordpress.com/2020/07/basirifogu.pdf
- https://vikuriwugapo.files.wordpress.com/2020/06/wurivegajadilojemaburi.pdf
- https://geluxomu.files.wordpress.com/2020/06/91441583596.pdf
- https://gujobuzagam594322867.files.wordpress.com/2020/06/76980324964.pdf
- https://garuwade.files.wordpress.com/2020/06/rukubomadenesidux.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/76957488457.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/47475247643.pdf
- https://cdn.shopify.com/s/files/1/0427/9776/0668/files/litusisezira.pdf
- https://cdn.shopify.com/s/files/1/0432/1984/5278/files/15088961682.pdf
- https://cdn.shopify.com/s/files/1/0430/9018/2304/files/48482030292.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/kawovuk.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/kepikopu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007394.bin6550342b078ee95beecc569acd6e79426f87003228ff64bacf5f90c281afc518 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7394 | 4836 bytes |
font_01_sfnt_off0000840b.bin61c710d3282dcc2d71e60bad37c54f8dbac67b7868ed0d08b0427e49f559a5f6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x840B | 10548 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.