MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic firing indicating it's a malicious redirector. One prominent link, 'https://ttraff.me/wix?keyword=reciprocal+graphs+worksheet', is identified as a malicious redirector. Another heuristic indicates a large number of PDF links, suggesting a link farm, with 'https://cdn.shopify.com/s/files/1/0431/2953/6668/files/the_phantom_portal_prizes.pdf' being the first identified. The document body, though heavily obfuscated, contains text related to 'reciprocal graphs worksheet', aligning with the lure presented by the malicious link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=reciprocal+graphs+worksheet
- https://cdn.shopify.com/s/files/1/0431/2953/6668/files/the_phantom_portal_prizes.pdf
- https://cdn.shopify.com/s/files/1/0431/2642/3701/files/sotijarutedepapasuju.pdf
- https://cdn.shopify.com/s/files/1/0439/2452/1128/files/92677465605.pdf
- https://cdn.shopify.com/s/files/1/0433/0081/5006/files/tidazinunibakinaj.pdf
- https://cdn.shopify.com/s/files/1/0457/5907/0372/files/pijojapedajiraxumomukas.pdf
- https://cdn.shopify.com/s/files/1/0433/7985/1414/files/99423897870.pdf
- https://cdn.shopify.com/s/files/1/0431/9405/6861/files/9720953863.pdf
- https://cdn.shopify.com/s/files/1/0432/5667/6507/files/anti_hijacking_act_2020.pdf
- https://cdn.shopify.com/s/files/1/0463/0852/4194/files/52512553732.pdf
- https://cdn.shopify.com/s/files/1/0430/2385/9873/files/32318143616.pdf
- https://cdn.shopify.com/s/files/1/0431/0699/2289/files/stay_alive_full_movie_123.pdf
- https://cdn.shopify.com/s/files/1/0428/9839/1196/files/free_kindergarten_shape_worksheets.pdf
- https://cdn.shopify.com/s/files/1/0433/8355/4206/files/bissell_proheat_carpet_cleaner_parts.pdf
- https://cdn.shopify.com/s/files/1/0438/9643/8936/files/format_factory_software_for_pc_free.pdf
- https://ae21e065-15f9-45a4-b46f-070803797af7.filesusr.com/ugd/1e4819_1adde9d637764e6fa2be1325927447a8.pdf?index=true
- https://cf1342c5-f52a-4a02-b6bc-0e51db2388d4.filesusr.com/ugd/1849a1_e1eb357ebbb1498787176b52d7b22cad.pdf?index=true
- https://1c0c9d6e-bc64-4b20-aea2-0190109e10cc.filesusr.com/ugd/45fd81_b028bdbc95bf40368778f7e4ec4d2166.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006b90.bin1eae1ed0b67a90275a9ddab50f609fb0646d8b6b7bc64ae0bd7a4a372538a577 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B90 | 5360 bytes |
font_01_sfnt_off00007dda.bind392455da4462d1e0cb0f2b7d0ac4cecc6da761ad540f1b1f8ec4b09f7643a68 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DDA | 10524 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.