MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic specifically identifying it as a 'PDF_SEO_LINK_FARM'. The primary malicious URL identified is 'https://ttraff.com/pify?keyword=beethoven+pathetique+sheet+music+pdf', which is flagged as a malicious redirector. The document body, though heavily obfuscated, contains references to the malicious URL, suggesting an attempt to lure users through deceptive content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=beethoven+pathetique+sheet+music+pdf
- http://files.thechurchofthelivinggod.com/uploads/1/3/2/6/132681880/9879472.pdf
- http://files.arthurkeeganbole.com/uploads/1/3/2/6/132695586/2da843.pdf
- http://files.socohomephotography.com/uploads/1/3/2/6/132695339/sunapogukila_lakeligo_bifasojusunoxe_tupugexex.pdf
- http://files.dnbs-band.com/uploads/1/3/1/3/131383247/gutimazivej_doduxitez_vezuxinekavuga.pdf
- https://cdn.shopi
- https://cdn.shopify.com/s/files/1/0448/3599/5808/files/ios_simulator_in_xcode_download.pdf
- https://cdn.shopify.com/s/files/1/0432/0844/2020/files/vizerawinidebupo.pdf
- https://cdn.shopify.com/s/files/1/0437/9348/1889/files/white_people_name_generator.pdf
- https://cdn.shopify.com/s/files/1/0434/3886/6593/files/automatize_tarefas_maantes_com_python_download.pdf
- https://cdn.shopify.com/s/files/1/0431/6859/6117/files/91261342014.pdf
- https://cdn.shopify.com/s/files/1/0428/7194/7430/files/cuaderno_para_aprender_a_leer_y_escribir.pdf
- https://cdn.shopify.com/s/files/1/0434/3581/9173/files/palulobeten.pdf
- https://cdn.shopify.com/s/files/1/0448/1197/6855/files/microelectronic_circuits_7th_edition_solutions.pdf
- https://cdn.shopify.com/s/files/1/0432/5621/7750/files/what_is_reliability_centered_maintenance.pdf
- https://cdn.shopify.com/s/files/1/0431/6400/8605/files/candy_ke_word.pdf
- https://cdn.shopify.com/s/files/1/0430/2703/8369/files/super_bluetooth_hack_1._08.pdf
- https://cdn.shopify.com/s/files/1/0429/2352/4259/files/52720257146.pdf
- https://cdn.shopify.com/s/files/1/0433/6903/7974/files/70252654812.pdf
- https://cdn.shopify.com/s/files/1/0427/6014/3014/files/antimicrobial_stewardship.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005458.bin1bc86af795a1c3d2c4418f6f7e93020e86949658251bd27086672007816f3c0b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5458 | 5384 bytes |
font_01_sfnt_off00006684.bin753277417c4904a0df8f1d682a34d060857df2b612e4a325b8324b2235c5c83b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6684 | 10204 bytes |
font_02_sfnt_off0000898c.bina542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x898C | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.