MALICIOUS
162
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains a lure for an advance-fee scam, disguised as an HR project report. It embeds a link that redirects to a malicious URL, likely to deliver a second-stage payload or phish for credentials. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic confirms the malicious nature of the redirector.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=hr+project+report+on+employees+absenteeism+pdf
- http://files.alltechclimate.ca/uploads/1/3/1/4/131406947/6543501.pdf
- http://files.mammoguide.com/uploads/1/3/2/6/132682655/kekugovubitepoj-suviloxar.pdf
- http://files.matttighefiddle.co.uk/uploads/1/3/2/3/132303219/nixati-bugesibabusa.pdf
- https://cdn.shopify.com/s/files/1/0428/9275/5111/files/47508508976.pdf
- https://cdn.shopify.com/s/files/1/0432/7122/5494/files/bubajuzozijopogim.pdf
- https://cdn.shopify.com/s/files/1/0431/5080/3099/files/36600018624.pdf
- https://cdn.shopify.com/s/files/1/0431/0951/5425/files/37030017704.pdf
- https://cdn.shopify.com/s/files/1/0434/1566/6849/files/jaxilaxabubulupesor.pdf
- https://cdn.shopify.com/s/files/1/0428/5143/4659/files/sowadijowakuxufupobopil.pdf
- https://cdn.shopify.com/s/files/1/0432/2256/5032/files/10095585395.pdf
- https://cdn.shopify.com/s/files/1/0435/1167/7083/files/tuvawodivowujatupevipifu.pdf
- https://cdn.shopify.com/s/files/1/0437/7087/1970/files/solidworks_2015_tutorial.pdf
- https://cdn.shopify.com/s/files/1/0440/9635/6504/files/sosejufolipoxojitonixuv.pdf
- https://cdn.shopify.com/s/files/1/0432/3858/8584/files/ficha_biopsicosocial_primaria.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00014a4d.bina63dc7203ceba2031beaf1d50b83973ffdd0483474384fa5780efc3deacec6ca |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14A4D | 1696 bytes |
font_01_sfnt_off00015277.bin59a9c68792c047b3f3aa548f5da31652e99a07957fd0a91af66c8f3e04711bb5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15277 | 5368 bytes |
font_02_sfnt_off0001649b.binbc8dc0e28bd276469b5f47ce6a660f22d5a190926ec12fa64123d275e5b74781 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1649B | 13296 bytes |
font_03_sfnt_off00018f7b.bin4a59cd45dbc5e071fb523d212ca80ce3bb007c668efd63336a3e1ae3300a8511 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x18F7B | 16244 bytes |
font_04_sfnt_off0001a4ec.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A4EC | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.