MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.com/pify?keyword=latest+bollywood+songs+for+whatsapp+status'. This URL is presented in a context that suggests a lure, likely to a phishing or malware distribution site. The document also contains a PDF link farm heuristic, indicating a large number of outbound links, many of which are to Shopify domains, but the primary malicious indicator is the ttraff.com redirector.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=latest+bollywood+songs+for+whatsapp+status
- http://files.timothypbrown.com/uploads/1/3/2/8/132815123/947361d2e.pdf
- http://files.huntersvillelawyer.com/uploads/1/3/1/8/131871994/60fb12e78ede9.pdf
- http://files.ronmilesphotography.com/uploads/1/3/0/7/130776265/a40280.pdf
- https://cdn.shopify.com/s/files/1/0437/1084/1000/files/b._ed_form_2018_rajasthan_university.pdf
- https://cdn.shopify.com/s/files/1/0434/5475/9069/files/allergen_information_data_sheet_template.pdf
- https://cdn.shopify.com/s/files/1/0432/8354/6267/files/lixipenoremiwo.pdf
- https://cdn.shopify.com/s/files/1/0433/4262/6984/files/welutagumuvavudalig.pdf
- https://cdn.shopify.com/s/files/1/0430/8110/5575/files/cara_driver_bluetooth_windows_10.pdf
- https://cdn.shopify.com/s/files/1/0431/2930/7293/files/mukazotomoda.pdf
- https://cdn.shopify.com/s/files/1/0430/7006/2754/files/kakivoxemogobo.pdf
- https://cdn.shopify.com/s/files/1/0435/7079/0559/files/wixovifa.pdf
- https://cdn.shopify.com/s/files/1/0438/5341/4565/files/jozadinurewaliga.pdf
- https://cdn.shopify.com/s/files/1/0429/2093/5590/files/pirukufozaja.pdf
- https://cdn.shopify.com/s/files/1/0441/2047/3752/files/98491308296.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004ef2.binfba3b8bd8e087fcc06d4af418e7970d6588f3959208171910c044028f6dee2e6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4EF2 | 5580 bytes |
font_01_sfnt_off000061eb.binc2cb2286e03751d48deaf3ef8e637a4eea97029db09be43c90061c59a9339a85 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61EB | 2016 bytes |
font_02_sfnt_off00006ba1.bin7b2a5b9a797b00282e40fb0b030e3b07e3792d09f0cb4b4154026ceb3293f727 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BA1 | 10652 bytes |
font_03_sfnt_off0000900d.bin32a62e14ef6e7ef020473885531c634be534e085a00fc422ce80a7236eb1f1c9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x900D | 16304 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.