MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous links to external websites, many of which are hosted on Shopify and appear to be part of a link farm designed to manipulate search engine results. One prominent URL, https://ttraff.ru/wb?keyword=noli%20me%20tangere%20book%20pdf%20english, is flagged as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'Noli me tangere book pdf english', suggesting a lure to download a book. The combination of link farming and a malicious redirector indicates a probable SEO spam or phishing campaign.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wb?keyword=noli%20me%20tangere%20book%20pdf%20english
- http://files.jonaspuru.com/uploads/1/3/1/3/131381452/zizoforepokapi-wubuzoretidoliw.pdf
- http://files.nptha.com/uploads/1/3/1/4/131452922/7eba417.pdf
- http://files.campervantoursuk.com/uploads/1/3/0/9/130969231/naken_lagurovipuz.pdf
- http://files.gaylebunchart.com/uploads/1/3/1/4/131437308/9438487.pdf
- http://files.yeyeluisahteish.com/uploads/1/3/1/3/131379946/d755e.pdf
- http://files.gaylebunchart.com/uploads/1/3/1/4/131437308/9438
- https://cdn.shopify.com/s/files/1/0431/7259/3820/files/kuvijo.pdf
- https://cdn.shopify.com/s/files/1/0433/6245/1611/files/xunokedomapunigezuxabuw.pdf
- https://cdn.shopify.com/s/files/1/0435/2013/1236/files/51239877912.pdf
- https://cdn.shopify.com/s/files/1/0436/9140/9562/files/16394824025.pdf
- https://cdn.shopify.com/s/files/1/0432/1955/0370/files/12165509698.pdf
- https://cdn.shopify.com/s/files/1/0428/5654/6467/files/30560925143.pdf
- https://cdn.shopify.com/s/files/1/0434/8723/2166/files/56896777947.pdf
- https://cdn.shopify.com/s/files/1/0429/0379/7913/files/52449197060.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/4274895189.pdf
- https://cdn.shopify.com/s/files/1/0433/4298/7422/files/34243919833.pdf
- https://cdn.shopify.com/s/files/1/0432/0516/5216/files/67263120061.pdf
- https://cdn.shopify.com/s/files/1/0440/9848/6424/files/97159003303.pdf
- https://cdn.shopify.com/s/files/1/0432/7381/4182/files/rijafe.pdf
- https://cdn.shopify.com/s/files/1/0430/3316/5986/files/xamuvovaraso.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008584.bin54a6907963ba728ed602a350573ace5dc86487e1509fa8c931b47b4a67e3ca19 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8584 | 5416 bytes |
font_01_sfnt_off000097b9.bina2c5cf3cfb66130791ac2a66db74e78c98c6735be386468a4984d6124350f0c9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x97B9 | 10260 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.