MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with one critical heuristic firing indicating a malicious redirector. The primary malicious URL identified is https://ttraff.com/pify?keyword=rna+mediated+epigenetic+regulation+of+gene+expression+pdf. This suggests the document is part of an SEO poisoning or phishing campaign designed to lure users to malicious infrastructure. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=rna+mediated+epigenetic+regulation+of+gene+expression+pdf
- http://files.1817.co.uk/uploads/1/3/2/6/132681317/e457965e8c4.pdf
- http://files.erinlands.com/uploads/1/3/1/4/131455158/4554022.pdf
- http://files.tidetoadream.com/uploads/1/3/1/6/131637553/botil_xugafez_jidebi.pdf
- http://files.tualatindar.org/uploads/1/3/1/3/131379590/monusixiw_gabon.pdf
- http://files.thedinopark.com/uploads/1/3/2/7/132740415/6535022.pdf
- https://cdn.shopify.com/s/files/1/0437/9102/4277/files/wigijinuvekaj.pdf
- https://cdn.shopify.com/s/files/1/0428/1778/1927/files/western_snow_plow_trouble_shooting.pdf
- https://cdn.shopify.com/s/files/1/0428/6650/7942/files/49321169088.pdf
- https://cdn.shopify.com/s/files/1/0450/5419/7910/files/automobile_spare_parts_list.pdf
- https://cdn.shopify.com/s/files/1/0434/5603/7017/files/hierarchical_clustering_algorithm_in_data_mining.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/43561311815.pdf
- https://cdn.shopify.com/s/files/1/0432/8534/8510/files/canon_powershot_sx520_hs_manual.pdf
- https://cdn.shopify.com/s/files/1/0430/4296/3613/files/batch_file_if_statement.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/vunazazaxukatokezidabu.pdf
- https://cdn.shopify.com/s/files/1/0430/8657/7828/files/14437216228.pdf
- https://cdn.shopify.com/s/files/1/0431/1272/6677/files/3245607253.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/wonazonuv.pdf
- https://cdn.shopify.com/s/files/1/0431/3733/5464/files/74840521493.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000068e0.binfe81e7cd0f6a84816d44d4f601293f4cbac2dc17808768f300f29c0108df217e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x68E0 | 5548 bytes |
font_01_sfnt_off00007bb7.bin264375bce30411bc97046721b3d344b154be84a087dec84f0f47c1d333b29d3c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BB7 | 9980 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.