MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous links, masquerading as a worksheet answer key, to a known malicious redirector. The primary malicious URL is https://ttraff.me/wix?keyword=into+the+wild+chapter+4+transcendental+allusions+worksheet+answers. The PDF also exhibits characteristics of a link farm, with many links pointing to benign Shopify domains, likely to improve search engine ranking for the lure content. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=into+the+wild+chapter+4+transcendental+allusions+worksheet+answers
- https://cdn.shopify.com/s/files/1/0435/1596/9688/files/7799072971.pdf
- https://cdn.shopify.com/s/files/1/0433/5281/7832/files/nazotamowusasema.pdf
- https://cdn.shopify.com/s/files/1/0435/6807/0824/files/tutowupumaverakobeguxosov.pdf
- https://cdn.shopify.com/s/files/1/0483/8981/6469/files/using_lay_and_lie_worksheet_answers.pdf
- https://cdn.shopify.com/s/files/1/0434/2756/1628/files/naxixokisubeworupeno.pdf
- https://cdn.shopify.com/s/files/1/0433/4790/2623/files/tekewenebisavibajel.pdf
- https://cdn.shopify.com/s/files/1/0436/2112/2211/files/6177026697.pdf
- https://cdn.shopify.com/s/files/1/0464/7229/8646/files/57560205455.pdf
- https://cdn.shopify.com/s/files/1/0436/2308/8290/files/basara_4_sumeragi_dlc.pdf
- https://730e8fc8-ce74-4dcf-9ef6-8806d43bf90d.filesusr.com/ugd/3b0c81_416fe183ef324eee83dad55eae3615c2.pdf?index=true
- https://8ad8a058-53a8-4167-9b8b-dcaa76c3a49a.filesusr.com/ugd/0a0016_3c63eb9e01aa48d082c4597609b1ba95.pdf?index=true
- https://bccbf446-d293-4371-9437-4259e45c21f4.filesusr.com/ugd/b52961_d66d95c9d8c8412ba6476545cfac1ef5.pdf?index=true
- https://0413b1a9-89d0-4c42-8ece-05ac140c2e2e.filesusr.com/ugd/7a11b0_8610cab003de4712bd22a3a4976ff2b4.pdf?index=true
- https://a7165ae4-7e52-48ac-a137-ba5f176cfd6e.filesusr.com/ugd/1d64af_f817a4baeec746f3a054faf3434ff38d.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000786d.binf3dd7bab50febb1c9491c06034c17b18d26038a34afce6f2c42bc7a8439154ab |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x786D | 5224 bytes |
font_01_sfnt_off00008a35.bin53f35d15a7257ee84c7a9f71a6b39b759f7482444bc3b5a87a840a70143b6c41 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A35 | 10164 bytes |
font_02_sfnt_off0000acfd.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xACFD | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.