MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, with a critical heuristic firing for a PDF link farm. One of these links, 'https://ttraff.com/wix?keyword=old+testament+timeline+kings+prophets', is flagged as a malicious redirector. The document body, though heavily obfuscated, appears to contain the same URL and other Shopify links, suggesting a coordinated effort to distribute malicious content or phishing lures through a link farm hosted on Shopify. The primary attack pattern involves directing users to malicious infrastructure via these embedded links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=old+testament+timeline+kings+prophets
- https://cdn.shopify.com/s/files/1/0435/8547/0623/files/cari_s_closet_formal_dresses.pdf
- https://cdn.shopify.com/s/files/1/0463/4135/7730/files/38770308810.pdf
- https://cdn.shopify.com/s/files/1/0430/5669/3397/files/11321698739.pdf
- https://cdn.shopify.com/s/files/1/0434/9257/3334/files/vex_iq_clawbot_instructions.pdf
- https://cdn.shopify.com/s/files/1/0459/6698/3335/files/html_flip_book_template.pdf
- https://static.usrfiles.com/ugd/b8c837_1e721ad7b5454fb48fa1b5ac54405ad1.pdf
- https://static.usrfiles.com/ugd/b8c837_ea145fc830984c73b15303f77353c4a6.pdf
- https://static.usrfiles.com/ugd/b8c837_eceaa00d0e2d4ebd8888d8e36a723509.pdf
- https://static.usrfiles.com/ugd/b8c837_196c6694c5074fdab78e83b1d9110e4f.pdf
- https://cdn.shopify.com/s/files/1/0440/4936/7190/files/carimbo_folha_a3.pdf
- https://cdn.shopify.com/s/files/1/0440/0057/5638/files/fiche_technique_tp_cuisine.pdf
- https://cdn.shopify.com/s/files/1/0435/9372/8158/files/activador_windows_7.pdf
- https://cdn.shopify.com/s/files/1/0429/7215/1959/files/68518430315.pdf
- https://cdn.shopify.com/s/files/1/0445/3587/3700/files/fundamental_concepts_of_digital_electronics.pdf
- https://static.usrfiles.com/ugd/b8c837_dbdd8039c4d94a20a1dacf8571ad8fef.pdf
- https://static.usrfiles.com/ugd/b8c837_4b522b4db0354ce3b6b1b87d5fc3bc7c.pdf
- https://static.usrfiles.com/ugd/b8c837_ad319baeaa3f4a14b46fe1e02621a7ea.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006828.binea56c48aabb228ce0361c852708c5098c3141fee49bc53fb19e7afedd92a0984 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6828 | 5464 bytes |
font_01_sfnt_off00007a8c.bineb0da2d863e85e7c1ae8617b3d0a5b686755797a88fb3352e6f36b8a05544ceb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A8C | 10552 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.