MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic specifically identifying it as a PDF link farm. The primary malicious link, 'https://ttraff.me/wix?keyword=nova+deadliest+earthquakes+worksheet', points to a known redirector. While the document body mentions 'Nova deadliest earthquakes worksheet', the overall structure and numerous links suggest a lure to external, potentially malicious, content rather than educational material.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=nova+deadliest+earthquakes+worksheet
- https://cdn.shopify.com/s/files/1/0431/5453/8656/files/minecraft_creeper_girlfriend.pdf
- https://cdn.shopify.com/s/files/1/0431/9959/4656/files/12836025522.pdf
- https://cdn.shopify.com/s/files/1/0434/4699/3063/files/zawaterupozixewomi.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/xeniwepisovera.pdf
- https://cdn.shopify.com/s/files/1/0448/1875/9842/files/peboligibudow.pdf
- https://cdn.shopify.com/s/files/1/0431/5653/7495/files/sikikamapixer.pdf
- https://cdn.shopify.com/s/files/1/0434/6265/6152/files/48076343033.pdf
- https://cdn.shopify.com/s/files/1/0432/1011/3188/files/ladies_kitty_party_invitation_templates.pdf
- https://cdn.shopify.com/s/files/1/0433/3902/2494/files/bizopokadez.pdf
- https://3f9890e0-3781-423d-bb8d-e44ff3b6cd62.filesusr.com/ugd/bcfc12_327787876915456395c2855b1da27ef3.pdf?index=true
- https://43640bf5-ff59-4537-b3b3-a218eb497acc.filesusr.com/ugd/3bbd68_6e1dfb1f969e493bb398979ac6c99b7c.pdf?index=true
- https://7da82b05-a30b-4a0e-b339-e99b411dcd8a.filesusr.com/ugd/7c1f05_0b5dd9074c7c4c46ba93046867d61ebc.pdf?index=true
- https://69a6cefc-a2a8-4472-81a1-c0293af1d2f9.filesusr.com/ugd/0d018b_8228af7f7c9d430b9071b1dabe6b74b9.pdf?index=true
- https://3188230e-7ae8-46d8-b1a1-49431ace8668.filesusr.com/ugd/227d0f_0cb1115f5ba54c7d8906894ab24b497a.pdf?index=true
- https://1084f42e-29bc-43ef-9337-d22fda8b8b32.filesusr.com/ugd/1e557c_ee80a65b94c640869853c6b67bd4da60.pdf?index=true
- https://228e4cf9-05ff-4237-833b-2ddeb2cf22a8.filesusr.com/ugd/d5415a_2d06e3bf029d4ae4af53d9527b892ea4.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005be3.bin0499d4339a4974cd55e2acc4bbcccba0049e7c88c1b8851f749feb2368892561 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BE3 | 5224 bytes |
font_01_sfnt_off00006db6.bind8e39b734565d5a56d0f2e364d4acc7cf19f3008dbc556d07ef8b3cab9bf5cfa |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DB6 | 10516 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.