MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'ttraff.com'. The document body, though partially corrupted, contains the same URL and text suggesting a lure related to 'budget 2020 highlights in kannada pdf'. The presence of a large number of external PDF links, many hosted on Shopify, further indicates a link farm or SEO poisoning tactic to distribute malicious content. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=budget+2020+highlights+in+kannada+pdf
- http://luxebo.jasontallon.com/uploads/1/3/0/8/130813612/dadagiwadavidibimi.pdf
- http://wisuf.anapuigrealtor.com/uploads/1/3/1/4/131407406/979108.pdf
- http://files.oceanaparkwelshstud.com/uploads/1/3/2/8/132815367/3165856.pdf
- http://files.subtleawakening.com/uploads/1/3/1/6/131607158/tofonir.pdf
- http://files.longsightnursery.co.uk/uploads/1/3/1/6/131606206/1600284.pdf
- https://cdn.shopify.com/s/files/1/0431/0525/5586/files/buckminster_fuller_critical_path.pdf
- https://cdn.shopify.com/s/files/1/0436/3105/0905/files/instaliker_for_instagram_ipa.pdf
- https://cdn.shopify.com/s/files/1/0434/0973/5845/files/13665619146.pdf
- https://cdn.shopify.com/s/files/1/0432/6404/9318/files/32430792728.pdf
- https://cdn.shopify.com/s/files/1/0436/2777/4115/files/31714599339.pdf
- https://cdn.shopify.com/s/files/1/0432/1338/9992/files/katowefesenibekuwezod.pdf
- https://cdn.shopify.com/s/files/1/0427/4749/4567/files/xumaxowabopofomanodozo.pdf
- https://cdn.shopify.com/s/files/1/0437/7228/0981/files/97108455353.pdf
- https://cdn.shopify.com/s/files/1/0437/9069/6597/files/love_song_ringtone.pdf
- https://cdn.shopify.com/s/files/1/0436/5529/9237/files/33302072398.pdf
- https://cdn.shopify.com/s/files/1/0437/8722/3198/files/70563128474.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/77084518355.pdf
- https://cdn.shopify.com/s/files/1/0430/5921/6537/files/zejunetomebibu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000055b7.bin24c594ed5a5f85a3ad6a7c4abbfa55de97b75c0290fe8f058370e8ee51205933 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x55B7 | 5364 bytes |
font_01_sfnt_off000067ec.bin9d513d778fc1aa07435aa6ca56e3b5fa935a7eafbc4ff15ae5b9a02cf1048363 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x67EC | 10184 bytes |
font_02_sfnt_off00008ace.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8ACE | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.