MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous embedded links, with a critical heuristic firing indicating it links to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains text related to 'B.ed syllabus 2019-20 pdf', suggesting a lure to disguise the malicious intent. The primary malicious URL identified is https://ttraff.com/wb?keyword=b.ed%20syllabus%202019-20%20pdf, which likely leads to further malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=b.ed%20syllabus%202019-20%20pdf
- http://files.sass-and-crafts.com/uploads/1/3/0/8/130815213/puwakujojavulazamad.pdf
- http://files.climatechheatingcooling.com/uploads/1/3/1/3/131398423/c3fec48.pdf
- http://files.lonsdale-estate.co.uk/uploads/1/3/1/4/131437770/7476893.pdf
- http://files.eastbrooklynhousing.com/uploads/1/3/2/6/132696323/bd315056bd9dd37.pdf
- https://cdn.shopify.com/s/files/1/0428/9452/4579/files/vutisojomuz.pdf
- https://cdn.shopify.com/s/files/1/0431/4519/9784/files/wozufisewikenexowatupevu.pdf
- https://cdn.shopify.com/s/files/1/0428/1637/2892/files/amplified_bible_2020.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/63912397784.pdf
- https://cdn.shopify.com/s/files/1/0432/3000/3358/files/nepow.pdf
- https://cdn.shopify.com/s/files/1/0432/2259/7800/files/bilusowep.pdf
- https://cdn.shopify.com/s/files/1/0431/1724/8672/files/lagobebewaborovivoku.pdf
- https://cdn.shopify.com/s/files/1/0437/6385/9610/files/74620737074.pdf
- https://cdn.shopify.com/s/files/1/0434/8251/3561/files/english_alphabet_worksheet_for_kindergarten.pdf
- https://cdn.shopify.com/s/files/1/0428/4035/9068/files/xikewizunotu.pdf
- https://cdn.shopify.com/s/files/1/0429/6795/7658/files/44506069042.pdf
- https://cdn.shopify.com/s/files/1/0427/4572/5094/files/53244247917.pdf
- https://cdn.shopify.com/s/files/1/0428/7198/0198/files/knapsack_dynamic_programming.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006dfb.bin8881448fa43af4d7bc23b887c1ce0d1a3ede8d192ba01fc1ff8196311fca4733 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DFB | 5312 bytes |
font_01_sfnt_off00008025.bin2d302a408b8360cebe8c30f920b073654e1218e87d457079633c35250bcff28d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8025 | 14096 bytes |
font_02_sfnt_off0000abee.bin0be84d2d0547f1f02aa0071b49020aaa73ac7e6a4c4dee27a4da8627c6f2d0ef |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xABEE | 16092 bytes |
font_03_sfnt_off0000c0b3.bin8405bb6ca9a6fb718a2e910e1cdde4d74ac2122cab0061dc5f772322db9c7ccd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC0B3 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.