MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a link farm hosted on Shopify. One of the primary links, 'https://ttraff.cc/pify?keyword=asignaturas+derecho+uned+pdf', is identified as a malicious redirector. This suggests the document is designed to trick users into visiting malicious websites by masquerading as legitimate academic content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=asignaturas+derecho+uned+pdf
- http://files.glennisesalean.com/uploads/1/3/1/3/131379223/xotemazunasut_ziwovugafatut_bevino_rumefip.pdf
- http://files.nmtamale.com/uploads/1/3/2/6/132695354/nelotusofogew-xojipovekajexe-jukujidodo.pdf
- http://deledexe.wonderfulpowerfulme.com/uploads/1/3/1/3/131379246/roketox_jegitiri_kuditanokakowof.pdf
- http://files.artandsoulmakeup.com/uploads/1/3/0/8/130813899/dc6310.pdf
- https://cdn.shopify.com/s/files/1/0433/7316/6744/files/tejomosafujenimu.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/titigabibuzumazavuxi.pdf
- https://cdn.shopify.com/s/files/1/0431/3337/0522/files/42601526633.pdf
- https://cdn.shopify.com/s/files/1/0432/7273/2825/files/89447499441.pdf
- https://cdn.shopify.com/s/files/1/0438/4777/8469/files/gobir.pdf
- https://cdn.shopify.com/s/files/1/0437/0097/7829/files/9988512029.pdf
- https://cdn.shopify.com/s/files/1/0432/5244/9435/files/57271980354.pdf
- https://cdn.shopify.com/s/files/1/0431/2665/3077/files/becker_cpa_exam_review_2020.pdf
- https://cdn.shopify.com/s/files/1/0435/8035/8811/files/pasomozo.pdf
- https://cdn.shopify.com/s/files/1/0435/0096/1947/files/pdf_a_word_program_full.pdf
- https://cdn.shopify.com/s/files/1/0431/6220/6357/files/7089935261.pdf
- https://cdn.shopify.com/s/files/1/0438/6163/9318/files/3302030860.pdf
- https://cdn.shopify.com/s/files/1/0431/4041/5644/files/vufitufuburosavarudikod.pdf
- https://cdn.shopify.com/s/files/1/0440/6591/5032/files/i_am_discourses.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006402.bin68cfdfcf28fd238c51afd4ce0ac71efc1dadb40e881c29201546c59135537fe5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6402 | 5372 bytes |
font_01_sfnt_off00007646.bin3475d4329119b14379bdd3a568d6bcab2cb17a8936fea2a61d07a072605e2c3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7646 | 11616 bytes |
font_02_sfnt_off00009bd4.binaad9bc0f36eadc3314e08670b59090120051e308b357201f134af3d0b781b2b0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9BD4 | 16312 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.