MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to Shopify domains hosting other PDFs, suggesting a link farm or SEO poisoning tactic. One critical heuristic identified a link to a known malicious redirector infrastructure at 'ttraff.cc'. The document body, though heavily obfuscated, contains the URL that leads to this redirector, disguised as a search result for a technical book. This indicates a social engineering attempt to trick users into visiting a malicious site.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=comptia+security++guide+to+network+security+fundamentals+-+standalone+book
- https://cdn.shopify.com/s/files/1/0434/6904/5926/files/vonediboladodemowidinot.pdf
- https://cdn.shopify.com/s/files/1/0437/2417/7576/files/46371843617.pdf
- https://cdn.shopify.com/s/files/1/0430/9201/7305/files/94033562912.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/tedogunugovosilogupex.pdf
- https://cdn.shopify.com/s/files/1/0431/3595/9191/files/chemistry_1st_secondary.pdf
- https://cdn.shopify.com/s/files/1/0438/9853/6091/files/characteristics_of_an_information_literate_person.pdf
- https://cdn.shopify.com/s/files/1/0430/4352/0666/files/bushnell_prime_rangefinder_manual.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/46150969179.pdf
- https://static.usrfiles.com/ugd/48f461_a705b768c52d42a385405b041d27022e.pdf
- https://static.usrfiles.com/ugd/06497e_58bf9bb686364cc089af9f120f3897af.pdf
- https://static.usrfiles.com/ugd/43d598_eb36a318d2f84e3bb81f7cd4dc81b2ab.pdf
- https://static.usrfiles.com/ugd/97493d_fd1d0aa23a2945ffb9693276a5a99dab.pdf
- https://static.usrfiles.com/ugd/b8c837_1199727eb6db4ef891fdadd5cfa11628.pdf
- https://cdn.shopify.com/s/files/1/0461/9947/2277/files/consort_guidelines_observational_studies.pdf
- https://cdn.shopify.com/s/files/1/0438/9001/6424/files/27260552724.pdf
- https://cdn.shopify.com/s/files/1/0436/4769/7049/files/61170518915.pdf
- https://cdn.shopify.com/s/files/1/0432/8423/4398/files/book_of_elijah.pdf
- https://cdn.shopify.com/s/files/1/0434/3490/1671/files/highway_capacity_manual_2016_free_download.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005568.bind6405e28d3c2965684bc080158415772902befb2c923b791552f4f710a7cac69 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5568 | 5812 bytes |
font_01_sfnt_off00006935.bin31fb4f1b2abe1d76fbe3ad392cb83919ee82e871a4201740cdbb97b9f99cf192 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6935 | 9892 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.