MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic firing for a malicious redirector at 'https://ttraff.com/wix?keyword=fundamentos+de+economia+jose+silvest'. The document body, though heavily obfuscated, contains text related to economics and the authoring application, suggesting a lure to disguise the malicious intent. The presence of a link farm heuristic further indicates this document is part of a larger infrastructure for distributing malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=fundamentos+de+economia+jose+silvest
- https://cdn.shopify.com/s/files/1/0434/4053/7750/files/50121748222.pdf
- https://cdn.shopify.com/s/files/1/0460/5988/0603/files/windows_store_limit_speed.pdf
- https://cdn.shopify.com/s/files/1/0438/2015/5042/files/tecnica_de_cateter_venoso_periferico.pdf
- https://cdn.shopify.com/s/files/1/0429/5314/6517/files/radigatipinemebuzuf.pdf
- https://cdn.shopify.com/s/files/1/0433/4790/2622/files/pexejegokorejasig.pdf
- https://cdn.shopify.com/s/files/1/0439/2802/7304/files/pivapegup.pdf
- https://cdn.shopify.com/s/files/1/0446/4040/3619/files/convert_to_word_adobe_pro_x.pdf
- https://cdn.shopify.com/s/files/1/0430/7006/2754/files/fesoweximowupobin.pdf
- https://cdn.shopify.com/s/files/1/0433/6897/2444/files/goxogazipasi.pdf
- https://cdn.shopify.com/s/files/1/0433/3145/3081/files/libros_de_benedicto_xvi_gratis.pdf
- https://static.usrfiles.com/ugd/b8c837_7f9a4365e1224fc896f2ac8074c61f03.pdf
- https://static.usrfiles.com/ugd/b8c837_2e5fd569fe664e948182ac763e234286.pdf
- https://static.usrfiles.com/ugd/b8c837_a2ed33a746e141df92f4cf37ceee8fc8.pdf
- https://static.usrfiles.com/ugd/d01287_4b94acf5e5f94744a3c219efa1098edf.pdf
- https://static.usrfiles.com/ugd/895bef_e5b1c2e2d0f74d82bb8a4ecfafb95de7.pdf
- https://static.usrfiles.com/ugd/b8c837_4603825955864fcb8bec435843b7bd31.pdf
- https://static.usrfiles.com/ugd/856cea_14e326804d9b443fa90f2649fadc1491.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006175.bind696048fff35f70544aea0e5cec48c96423f1c1d87b71e0d51ea3d1b61f3d661 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6175 | 5080 bytes |
font_01_sfnt_off000072b3.bina1c364a29a85d2dc86fdbdeea339fcc3d3b717ebd8febebfc03fb33356f86c3c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72B3 | 12412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.