MALICIOUS
136
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link farm and a specific malicious redirector URL, disguised as a download for 'Android studio for windows 7 free'. The document body and heuristics indicate a lure for payment or download, directing users to the ttraff.cc domain. This suggests a phishing or social engineering attack aimed at redirecting users to potentially malicious content.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=android+studio+for+windows+7+free
- http://files.precisionhvac.us/uploads/1/3/0/7/130739747/gikigewuj.pdf
- http://files.bethanylutheranrlf.com/uploads/1/3/1/3/131381819/sizumomonogup.pdf
- http://files.smithpoolservice.com/uploads/1/3/2/7/132740620/gewulubiz.pdf
- http://files.jakyoga.com/uploads/1/3/2/7/132740405/d4480fd1.pdf
- https://cdn.shopify.com/s/files/1/0430/3133/0969/files/58318523286.pdf
- https://cdn.shopify.com/s/files/1/0433/3882/5883/files/63542116260.pdf
- https://cdn.shopify.com/s/files/1/0438/2982/1597/files/statistical_data_collection.pdf
- https://cdn.shopify.com/s/files/1/0433/6861/1989/files/4240507416.pdf
- https://cdn.shopify.com/s/files/1/0434/0065/9100/files/calendrio_agosto_2020_para_imprimir.pdf
- https://cdn.shopify.com/s/files/1/0430/6993/1671/files/15_minutes_to_a_better_interview.pdf
- https://cdn.shopify.com/s/files/1/0428/7689/5398/files/ladowexokawakizuvome.pdf
- https://cdn.shopify.com/s/files/1/0429/6572/9429/files/vizopekefodem.pdf
- https://cdn.shopify.com/s/files/1/0429/9191/1066/files/44613862951.pdf
- https://cdn.shopify.com/s/files/1/0435/7039/7339/files/34950218395.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/66541571973.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0433/6861/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006e32.bin975d564494aee40b6b6bc929d6d923358bb09f6995da59bdc21715406b85626f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E32 | 4820 bytes |
font_01_sfnt_off00007ec1.binf4b0b1ed495d2e4e0e58d72ac970251084c6f02eae55ecdbfac6d57b5cd6ee1b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EC1 | 10144 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.