MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with heuristics indicating a link farm for SEO manipulation. One of these links, 'https://ttraff.ru/pify?keyword=lagu+chrisye+kala+cinta+menggoda', is flagged as a known malicious redirector. The document body contains metadata and a URL, but no explicit malicious script or payload was detected. The primary attack vector appears to be luring users to malicious infrastructure through a deceptive link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=lagu+chrisye+kala+cinta+menggoda
- http://fobupux.williamsburgrec.com/uploads/1/3/0/8/130874422/lobuwexegaf-lonulisixajut.pdf
- http://files.murdockcounseling.com/uploads/1/3/1/1/131164081/nukokujo-visumal-bibepigon-zuvanufugidak.pdf
- http://gatik.academyofhirudotherapy.org/uploads/1/3/2/6/132681556/7875468af0.pdf
- http://files.sterlingenterprisesllc.com/uploads/1/3/1/3/131378868/1246182.pdf
- http://files.grasshopper5k.com/uploads/1/3/2/6/132695325/sabafev_tosefefovan_pelitudifilo.pdf
- https://cdn.shopify.com/s/files/1/0431/7567/4024/files/sejuxamudibumanulexupep.pdf
- https://cdn.shopify.com/s/files/1/0434/5649/5783/files/39152694797.pdf
- https://cdn.shopify.com/s/files/1/0429/5966/7363/files/40482338371.pdf
- https://cdn.shopify.com/s/files/1/0438/3847/2357/files/chicago_bears_schedule_2020_printable.pdf
- https://cdn.shopify.com/s/files/1/0431/5827/4205/files/kobun.pdf
- https://cdn.shopify.com/s/files/1/0429/6821/9799/files/92160703667.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/13578549785.pdf
- https://cdn.shopify.com/s/files/1/0431/7147/9713/files/moving_templates_for_powerpoint_free.pdf
- https://cdn.shopify.com/s/files/1/0432/4930/3720/files/67645391738.pdf
- https://cdn.shopify.com/s/files/1/0431/5879/8492/files/dezenewovezogadukub.pdf
- https://cdn.shopify.com/s/files/1/0431/7233/1675/files/lefapedareki.pdf
- https://cdn.shopify.com/s/files/1/0429/1044/9830/files/93885471712.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066aa.binb55e0352adc4d2bfa5c00d98e1d1c1366458558f02fb49aff132bce5c136c68d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66AA | 5460 bytes |
font_01_sfnt_off00007916.bin4ca6995fc2b436900b7f3c96ef57639af3e0bd0ee166422387945e8482e2c37f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7916 | 10144 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.