MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to malicious infrastructure. It also exhibits PDF_SEO_LINK_FARM behavior, suggesting a large number of outbound links, many of which are to benign Shopify URLs but one critical link points to a suspicious redirector. The embedded URL in the document body, 'https://ttraff.cc/pify?keyword=pathologic+basis+of+disease+7th+edit', is the primary indicator of malicious intent, likely serving as a lure to a phishing or malware distribution site.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=pathologic+basis+of+disease+7th+edit
- http://dovosof.keepingupwiththehoustons.com/uploads/1/3/2/8/132814930/dozodafulivovelekani.pdf
- http://files.arlingtonroofingco.com/uploads/1/3/2/6/132682647/fotafikikalafo.pdf
- https://cdn.shopify.com/s/files/1/0439/1033/2571/files/machine_hour_rate_calculation_in_excel_sheet.pdf
- https://cdn.shopify.com/s/files/1/0430/7353/6161/files/81537273246.pdf
- https://cdn.shopify.com/s/files/1/0437/4449/3720/files/addition_word_problems_for_grade_1.pdf
- https://cdn.shopify.com/s/files/1/0430/0813/1233/files/injection_blow_molding_process.pdf
- https://cdn.shopify.com/s/files/1/0440/2115/3957/files/c_binary_tree_implementation.pdf
- https://cdn.shopify.com/s/files/1/0432/5238/3904/files/apostrophe_worksheets_for_grade_6.pdf
- https://cdn.shopify.com/s/files/1/0448/0316/2263/files/the_accidental_prime_minister_book_in_english.pdf
- https://cdn.shopify.com/s/files/1/0437/2394/8183/files/medeximepumoxavaxagomi.pdf
- https://cdn.shopify.com/s/files/1/0428/6709/7756/files/80084430570.pdf
- https://cdn.shopify.com/s/files/1/0434/4204/5090/files/pibudisobobef.pdf
- https://cdn.shopify.com/s/files/1/0428/6713/0534/files/84791117212.pdf
- https://cdn.shopify.com/s/files/1/0450/6845/1992/files/ceh_certified_ethical_hacker_study_guide_download.pdf
- https://cdn.shopify.com/s/files/1/0433/4741/1096/files/24325316389.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006d98.binb449b38d72b26b92bd471d1dc68f3d983ca653817e2f0ffb501141809c3ed0b5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D98 | 5088 bytes |
font_01_sfnt_off00007ef3.bin3fd8c971bd87ba3262635496406b729980ea95e371bc3594ce28f9173f5d697d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EF3 | 10148 bytes |
font_02_sfnt_off0000a1c0.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1C0 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.