MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains multiple embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains a URL that matches the malicious redirector. The presence of a link farm heuristic further indicates an attempt to distribute malicious content through numerous external links.
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted:
- https://ttraff.club/wix?keyword=prince+of+peace+baptist+church+chicago+il
- http://bakasinu.michaelhadjimichael.com/uploads/1/3/0/7/130738531/4692345.pdf
- http://lezefas.primecomps.com/uploads/1/3/0/7/130738714/3370120.pdf
- http://manabuje.transformineducation.org/uploads/1/3/0/8/130874299/5040093.pdf
- https://cdn.shopify.com/s/files/1/0434/7851/5864/files/ravelawenovamivo.pdf
- https://cdn.shopify.com/s/files/1/0433/0710/6462/files/sosebegapevulusix.pdf
- https://cdn.shopify.com/s/files/1/0433/4885/2894/files/lazemalo.pdf
- https://fe9376ad-ae9f-47f6-a1d4-e7eb3a72cb48.filesusr.com/ugd/4329d7_9e8048efc06042c1b2e4ab6c9903867c.pdf?index=true
- https://4ce37a5e-e115-4337-b43f-6ddcac4a9550.filesusr.com/ugd/031dda_1762b5d3af1341cca8be52fe5eb4e985.pdf?index=true
- https://59f384c5-0c55-447e-a1e7-34949345cdb6.filesusr.com/ugd/3ed902_9de49b7905c044c7b1f96be166446500.pdf?index=true
- https://cdn.shopify.com/s/files/1/0481/4281/1289/files/honey_bun_cake_with_cream_cheese.pdf
- https://cdn.shopify.com/s/files/1/0431/0453/4692/files/24951126920.pdf
- https://cdn.shopify.com/s/files/1/0435/5417/7183/files/3989710852.pdf
- https://cdn.shopify.com/s/files/1/0435/7141/3151/files/14424602230.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00005ba2.bin | 90fde11a3f0037fc907ae8b61c813580ea22ef209ebde2636d9354b201d9be1f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BA2 | 6476 bytes |
| font_01_sfnt_off00006ba9.bin | ec68be90fc03ea528f4a25ee6fa50734fa594b34c10c12d8d061d21ae574667e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BA9 | 5420 bytes |
| font_02_sfnt_off00007e08.bin | 38ee7023fbe8e769b16ae379caae6baccf0062aaaf67857c8eb24571311f8d72 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E08 | 5364 bytes |
| font_03_sfnt_off00008d61.bin | e7c8824f902a67444b8a0db7672087485749dd50f3c5ede1f01953bf178f9124 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D61 | 10036 bytes |
| font_04_sfnt_off0000b009.bin | bf950c4e7133ce77fdef2df0205da95a07fbf1ab4917480175e64671a73767ee | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB009 | 16168 bytes |