MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with a critical heuristic firing for a PDF link farm. One of these links, 'https://ttraff.me/wix?keyword=madeira+12+string+acoustic+guitar', points to a known malicious redirector. The document body, though heavily obfuscated, also contains this URL, suggesting it is the primary lure. The presence of numerous benign-looking Shopify links alongside the malicious one is a common tactic for SEO poisoning to mask malicious activity.
Heuristics (4)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Urgency / deadline lure [low] SE_URGENCY_LURE: Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.me/wix?keyword=madeira+12+string+acoustic+guitar
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006716.bin d0f2165f8eb56754e154177d2f6e80c84b5b8ef1534a699c5a01ffdc7c6c013e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6716 | 5264 bytes |
| font_01_sfnt_off00007922.bin 37a218d8ba42ec4388e927be42ce16e39c2222b8793ff6886012bc2914a5f425 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7922 | 10580 bytes |