Malware Insights
The PDF file contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains the URL 'https://ttraff.club/wix?keyword=cardiac+cath+pdf', which is flagged as malicious. Additionally, the PDF exhibits characteristics of a link farm, with numerous embedded URLs pointing to external PDF files, suggesting an attempt to manipulate search engine results or distribute content from a compromised source. The primary malicious URL is the redirector, which likely serves as a gateway to further malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=cardiac+cath+pdf
- https://static.usrfiles.com/ugd/432b07_d31cfa17c0a642c0b005aa1b00b092d6.pdf
- https://static.usrfiles.com/ugd/1849a1_edaf82c2d57d4dfe8804add4c62c37df.pdf
- https://static.usrfiles.com/ugd/2b3f46_e84d20a3438a4502882a9e7468ea4ae2.pdf
- https://static.usrfiles.com/ugd/565485_98f16ad6e8444203841b380b72e21f09.pdf
- https://static.usrfiles.com/ugd/defcb2_08918517d5df4713af9c52de703d93a6.pdf
- https://static.usrfiles.com/ugd/b0b521_3f476a001be04eada9ce98f73a44660d.pdf
- https://static.usrfiles.com/ugd/cbe7f7_f5a3cc1e96fc4e1f868d9c5b59d134f0.pdf
- https://static.usrfiles.com/ugd/fe83c3_c70f9a3ec9a047f5a645753805eff7c4.pdf
- https://static.usrfiles.com/ugd/e7e4a0_f4734da319844e66aa36aee2310fd5eb.pdf
- https://static.usrfiles.com/ugd/b52961_80a75f64b05f45f5aa19a9a8cede4501.pdf
- https://cdn.shopify.com/s/files/1/0432/2436/7262/files/kajivepewuvusotuju.pdf
- https://cdn.shopify.com/s/files/1/0447/4172/2263/files/advanced_engineering_mathematics_8th_edition_slader.pdf
- https://cdn.shopify.com/s/files/1/0429/2476/9436/files/zusiruvux.pdf
- https://cdn.shopify.com/s/files/1/0459/6101/9551/files/anatomy_of_the_eye_and_orbit.pdf
- https://cdn.shopify.com/s/files/1/0437/0530/3190/files/40794947598.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000081f0.binf3d98dde77661147aea0187011f75510bbda9b27b667252ba83635e14c527bfd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x81F0 | 4512 bytes |
font_01_sfnt_off0000915b.bin91d39579b787ebb07b35a61670cc48236b55e577f9a7377b87e2678830efeb3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x915B | 12684 bytes |
font_02_sfnt_off0000ba61.bin0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBA61 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.