MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one identified as a known malicious redirector. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, suggesting a tactic to manipulate search engine rankings or distribute malicious content. The primary malicious URL identified is https://ttraff.ru/pify?keyword=manual+da+cbx+250+twister+2008+pdf. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=manual+da+cbx+250+twister+2008+pdf
- http://files.alexiakate.com/uploads/1/3/1/4/131452944/ronuto-tutajijipixo.pdf
- http://gaxigi.poppingforparkinsons.com/uploads/1/3/1/3/131398140/polatum.pdf
- http://junefa.0-projects.info/uploads/1/3/1/4/131407089/73a4e64f7a299.pdf
- https://cdn.shopify.com/s/files/1/0448/3717/5456/files/testing_the_validity_and_reliability_of_research_instruments.pdf
- https://cdn.shopify.com/s/files/1/0440/5588/8022/files/biostar_2_ta.pdf
- https://cdn.shopify.com/s/files/1/0430/7537/1162/files/38888140759.pdf
- https://cdn.shopify.com/s/files/1/0439/9998/5822/files/critical_thinking_books.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/mofofuledezenededur.pdf
- https://cdn.shopify.com/s/files/1/0429/9682/6273/files/naguvezefiduvunutub.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/61259485886.pdf
- https://cdn.shopify.com/s/files/1/0438/3549/0461/files/ethical_dilemmas_in_business.pdf
- https://cdn.shopify.com/s/files/1/0431/6377/9236/files/vusawif.pdf
- https://cdn.shopify.com/s/files/1/0429/1490/6275/files/99731272166.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/45366335679.pdf
- https://cdn.shopify.com/s/files/1/0433/7156/1116/files/watuluvo.pdf
- https://cdn.shopify.com/s/files/1/0428/9318/1081/files/46831431227.pdf
- https://cdn.shopify.com/s/files/1/0448/9058/7291/files/the_other_wes_moore_online_book.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00011dc3.bin7b9c1ad248dcaef01c7adb4df71c22141da68cde87cc5ccff7cadb2d821898f4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11DC3 | 1768 bytes |
font_01_sfnt_off00012638.binee205e490924b483eaec12632be2d7d13a6d1fc8a744097734f79e3fe2370bb1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12638 | 2860 bytes |
font_02_sfnt_off00013061.bina37152d0a69f91f126eabaab3b6a3f8e4a9fa6d90e94f5f6d2903e0cedb60e63 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13061 | 6044 bytes |
font_03_sfnt_off0001450e.bin48b6fc2e291f3a3ca91eeca630d8d00ef1b09bc4667498d52518d509cc935bb0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1450E | 14032 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.