MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF contains a link that redirects to a known malicious domain, disguised as an admission form. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms this malicious redirection. The presence of a download button lure further supports the malicious intent. No scripts were extracted, limiting the analysis of the payload.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=bangalore+university+pg+admission+form+2019
- https://cdn.shopify.com/s/files/1/0457/6575/5036/files/.pdf
- https://cdn.shopify.com/s/files/1/0432/3957/1611/files/9060904473.pdf
- https://cdn.shopify.com/s/files/1/0444/6031/0695/files/vegetable_biryani_recipe_in_malayalam.pdf
- https://cdn.shopify.com/s/files/1/0431/6450/0122/files/talotorenupusazepoluguful.pdf
- https://cdn.shopify.com/s/files/1/0452/8862/0194/files/defoluxeso.pdf
- https://cdn.shopify.com/s/files/1/0437/8827/1773/files/calendar_2020_pakistan_download.pdf
- https://cdn.shopify.com/s/files/1/0437/7811/3690/files/famufadorumesuxilimomegi.pdf
- https://cdn.shopify.com/s/files/1/0430/0449/3987/files/risk_analysis_template_business_plan.pdf
- https://cdn.shopify.com/s/files/1/0433/9158/2357/files/pinemabukapozapupoxanul.pdf
- https://cdn.shopify.com/s/files/1/0463/8644/6491/files/pavugijeni.pdf
- https://static.usrfiles.com/ugd/d94ae5_9a8e4c1796004d00876d32782c456581.pdf
- https://static.usrfiles.com/ugd/21a131_7cda396628b64a728554f5eaed6b60b9.pdf
- https://static.usrfiles.com/ugd/590778_acd0fe10e4a24edc84be1b1c1140eaf7.pdf
- https://static.usrfiles.com/ugd/7ff653_07a6476640a6456cadec10633f4779d6.pdf
- https://static.usrfiles.com/ugd/de3d83_6df1e8a051634af9941a4b7f4d4d7760.pdf
- https://cdn.shopify.com/s/files/1/0431/0689/3985/files/53124048163.pdf
- https://cdn.shopify.com/s/files/1/0429/9869/4049/files/archaeology_as_anthropology_binford.pdf
- https://cdn.shopify.com/s/files/1/0437/8260/2913/files/22669227975.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008192.bin5ceb0ff9996823befcc2bfd60476f933075addb20d417ef80471cea22be05835 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8192 | 6052 bytes |
font_01_sfnt_off0000962f.bin1f329e8fcb4c6d0b66e737306cf524a09160cc914a09b7e9a7120900680d25b0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x962F | 10316 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.