MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com', which is associated with a keyword search for 'adobe photoshop cs6 keygen'. Additionally, another critical heuristic indicates a PDF link farm, with numerous external links, many hosted on 'cdn.shopify.com'. The document body contains garbled text but includes the malicious URL and keywords suggesting a lure for software cracks or keygens. The primary intent appears to be directing users to malicious infrastructure via the 'ttraff.com' URL.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=adobe+photoshop+cs6+keygen
- https://cdn.shopify.com/s/files/1/0432/7879/4917/files/equipment_sign_out_sheet.pdf
- https://cdn.shopify.com/s/files/1/0438/2274/3712/files/gonimilofejosusedixugez.pdf
- https://cdn.shopify.com/s/files/1/0443/9366/0582/files/nfhs_basketball_rules_2020_20.pdf
- https://cdn.shopify.com/s/files/1/0431/5276/9192/files/noblesse_oblige_meaning.pdf
- https://cdn.shopify.com/s/files/1/0431/4615/0039/files/wukubo.pdf
- https://static.usrfiles.com/ugd/b8c837_0112073a40784c0b8b3ba496522f7bcf.pdf
- https://static.usrfiles.com/ugd/b8c837_b24d0f4f2f92465e83538cb48651541f.pdf
- https://static.usrfiles.com/ugd/eed56f_b3ba6e3a373b4d6385c7a02a034a85d6.pdf
- https://static.usrfiles.com/ugd/b8c837_9f6e7560c76046b39e6c2e43fc9f667f.pdf
- https://static.usrfiles.com/ugd/9ff9b8_9d147aaf7f414bc3a821ad02c0f01cf2.pdf
- https://static.usrfiles.com/ugd/d2751c_aa9a18080d204642874afa2a7d80da63.pdf
- https://static.usrfiles.com/ugd/b8c837_7d862d8c369b475b88e180046f18280d.pdf
- https://static.usrfiles.com/ugd/3aee12_fa122e1c75c346aabb81328e69c0eacd.pdf
- https://static.usrfiles.com/ugd/f3ecbe_48b5aa437e324d92a0cf3f2e923c53a7.pdf
- https://cdn.shopify.com/s/files/1/0440/3780/0086/files/12196284764.pdf
- https://cdn.shopify.com/s/files/1/0427/5788/2022/files/lazugefalewoworesen.pdf
- https://cdn.shopify.com/s/files/1/0428/4206/3004/files/xanobexozusoziwesege.pdf
- https://cdn.shopify.com/s/files/1/0432/9065/6924/files/14934822792.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off0000a591.bin0f338588d807f1e40b6d3ff7455d9fb2d28d3759588fd935732012e0cc298856 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xA591 | 23908 bytes |
font_00_sfnt_off00006f94.bin9aaa77c958c5172dbbdca59de6df322e4b9534fea965aff2854ae9592a989dc3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F94 | 5448 bytes |
font_01_sfnt_off00008221.bincd82ba4c9645fedb1c9e0b60066ba5e84cb3ea37452ab6b8b8cc17d50c5c0b30 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8221 | 10296 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.