MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, identified as a link farm. One of these links, https://ttraff.cc/pify?keyword=means+building+construction+cost+data+pdf, points to a known malicious redirector. The primary purpose appears to be directing users to malicious content through this extensive link network. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=means+building+construction+cost+data+pdf
- http://files.cathyxwu.com/uploads/1/3/0/8/130873872/f92cf7ae.pdf
- http://files.suepickford.net/uploads/1/3/2/7/132741348/duxozurewos-pilixuji-metosirosin-woteti.pdf
- http://files.stingrayepoxyworks.com/uploads/1/3/0/8/130874587/7872497.pdf
- http://files.fusionpipeexperts.com/uploads/1/3/0/9/130969497/kuvetakas.pdf
- http://files.joybennett.com/uploads/1/3/0/7/130738562/xezofupa_zurewapobapedat_bakusub.pdf
- https://cdn.shopify.com/s/files/1/0438/1619/0112/files/15044480051.pdf
- https://cdn.shopify.com/s/files/1/0435/5473/4241/files/47411190917.pdf
- https://cdn.shopify.com/s/files/1/0429/6540/1753/files/57018640631.pdf
- https://cdn.shopify.com/s/files/1/0435/1731/3176/files/busavorizupu.pdf
- https://cdn.shopify.com/s/files/1/0435/3009/2712/files/pokerogejas.pdf
- https://cdn.shopify.com/s/files/1/0430/3601/6802/files/wibekoparadukuvubifip.pdf
- https://cdn.shopify.com/s/files/1/0440/7253/4166/files/anexar_no_sei.pdf
- https://cdn.shopify.com/s/files/1/0429/5114/7676/files/99614828282.pdf
- https://cdn.shopify.com/s/files/1/0435/4523/1515/files/41941453276.pdf
- https://cdn.shopify.com/s/files/1/0436/1525/6738/files/l._a._dragnet.pdf
- https://cdn.shopify.com/s/files/1/0432/5736/4638/files/7842214535.pdf
- https://cdn.shopify.com/s/files/1/0430/2451/5229/files/dewetakewuluzinimejo.pdf
- https://cdn.shopify.com/s/files/1/0433/9639/9265/files/kadovefefusimire.pdf
- https://cdn.shopify.com/s/files/1/0433/7719/7221/files/wofejexiwererajutanina.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000544c.binfadd86c5345b12042c06150f3a606c58bb45ba97fdc64880c0a68abedc270eeb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x544C | 5348 bytes |
font_01_sfnt_off0000667f.bin502838175859aa1b92ba4899a65e3d09be84352e1b08bc2b76b3c214ad03769e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x667F | 10712 bytes |
font_02_sfnt_off00008b16.bin1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B16 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.