MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing indicating it is a malicious redirector link, pointing to ttraff.com. Additionally, it exhibits characteristics of a PDF link farm, with numerous links to PDFs hosted on domains like cdn.shopify.com. The embedded document body text, though partially corrupted, contains the target URL and appears to be a lure for further malicious activity. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=td%20160/100%20silent%20manual
- http://files.chicagostatechamber.org/uploads/1/3/1/6/131606815/mofebibetaropuzonalu.pdf
- http://files.able-disabled.com/uploads/1/3/1/1/131164081/molewotenulimepis.pdf
- http://files.jamesapartments.cz/uploads/1/3/2/6/132680986/4708390.pdf
- http://files.iyengaryoga-concord.com/uploads/1/3/2/7/132711954/sabitorimewad.pdf
- http://files.xdesign4u.com/uploads/1/3/1/0/131069887/miwebew.pdf
- https://cdn.shopify.com/s/files/1/0437/8106/2817/files/95151136965.pdf
- https://cdn.shopify.com/s/files/1/0429/5009/9107/files/sixijotirinomutidu.pdf
- https://cdn.shopify.com/s/files/1/0436/4288/0160/files/2268513343.pdf
- https://cdn.shopify.com/s/files/1/0434/1320/9246/files/43382287769.pdf
- https://cdn.shopify.com/s/files/1/0434/2457/9751/files/cathodic_protection_principle.pdf
- https://cdn.shopify.com/s/files/1/0431/6269/7894/files/48394793399.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/jatebilebasa.pdf
- https://cdn.shopify.com/s/files/1/0431/0928/6050/files/dutimolepa.pdf
- https://cdn.shopify.com/s/files/1/0433/6379/5096/files/zafezenakiden.pdf
- https://cdn.shopify.com/s/files/1/0431/9238/5700/files/94871455720.pdf
- https://cdn.shopify.com/s/files/1/0428/8351/4527/files/jatokawif.pdf
- https://cdn.shopify.com/s/files/1/0434/1848/4888/files/dutesulake.pdf
- https://cdn.shopify.com/s/files/1/0433/8548/7516/files/let_it_go_piano_sheet_free.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000604f.bineb00600a98e8101c50fcf12f4e8e0cf6ed4ee2a04998f47fd1fd13f5b1b62a39 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x604F | 3348 bytes |
font_01_sfnt_off00006c6b.bin395c3c73e1a749da07dd6d2ded145d899fdbd0a8af4b4488ec20a656093b5794 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C6B | 4980 bytes |
font_02_sfnt_off00007d3a.bine10a5e4068540ebad86df8245043e5f087d370f62c396483b024d0032da34bba |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D3A | 10004 bytes |
font_03_sfnt_off00009f71.bin8405bb6ca9a6fb718a2e910e1cdde4d74ac2122cab0061dc5f772322db9c7ccd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9F71 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.