Verdict: MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell (nothing in the heuristics or extracted artifacts below evidences PowerShell content; treat this mapping as unconfirmed)
T1204.001 Malicious Link
A heuristic fires on a clickable link to known malicious redirector infrastructure, specifically 'https://ttraff.ru/pify?keyword=fybsc+physics+practical+book+pdf'. The document body, though heavily obfuscated, also carries this URL along with numerous links to Shopify-hosted PDFs, a pattern consistent with a generated link farm or SEO-poisoning carrier. The primary intent appears to be routing users who search for a physics practical book into malicious infrastructure; no PDF parser exploit is involved, so the chain depends on the user clicking through.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted:
- https://ttraff.ru/pify?keyword=fybsc+physics+practical+book+pdf
- http://solowojo.bluesoxshop.com/uploads/1/3/1/4/131409090/c88c989.pdf
- https://cdn.shopify.com/s/files/1/0435/3431/9776/files/73199236080.pdf
- https://cdn.shopify.com/s/files/1/0437/9249/8850/files/88124042507.pdf
- https://cdn.shopify.com/s/files/1/0437/1814/8261/files/51947102904.pdf
- https://cdn.shopify.com/s/files/1/0431/9579/3557/files/apc_back_ups_es_350_manual.pdf
- https://cdn.shopify.com/s/files/1/0434/4784/5021/files/causes_and_effects_of_the_great_depression.pdf
- https://cdn.shopify.com/s/files/1/0430/0832/7829/files/12050334973.pdf
- https://cdn.shopify.com/s/files/1/0431/1888/7073/files/16187359638.pdf
- https://cdn.shopify.com/s/files/1/0431/6823/5682/files/78795899425.pdf
- https://cdn.shopify.com/s/files/1/0429/8542/2997/files/vipulumibakatij.pdf
- https://cdn.shopify.com/s/files/1/0447/7979/8679/files/los_ojos_verdes_gustavo_adolfo_becquer.pdf
- https://cdn.shopify.com/s/files/1/0431/4244/7253/files/53338807238.pdf
- https://cdn.shopify.com/s/files/1/0427/6633/6167/files/saints_row_3_character_creation.pdf
- https://cdn.shopify.com/s/files/1/0431/0417/4233/files/xopoveve.pdf
XMP metadata namespace URIs (schema identifiers from the document's metadata stream; these are not clickable links and not indicators):
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
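The two critical heuristics above (redirector link, link farm) and the channel labels on the URL list can be reproduced with a few lines of stdlib Python. The block below is an added example, not the analyzer's own code: it pulls /URI action targets out of a PDF's raw bytes, separates them from XMP namespace URIs that only live in the metadata stream, matches hosts against a redirector watchlist, and applies a PDF_SEO_LINK_FARM-style rule. The watchlist (ttraff.ru), the size and link-count thresholds, and the sample PDF skeleton are assumptions constructed for the example; the report does not publish the analyzer's real values.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# XMP schema identifiers that live in the PDF's metadata stream (xmlns:rdf=, xmlns:dc=,
# xmlns:pdf=, xmlns:xmp=...). They are not clickable links, so a link-farm heuristic
# that counted them would inflate the external-link total.
XMP_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/",
)

# A clickable link is a /Link annotation whose action is << /S /URI /URI (target) >>.
# Only the /URI *value* key is followed by a literal string, so matching "/URI (" picks
# up the target and skips the "/S /URI" action-type entry. Hex strings <...> are not handled.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

# Any http(s) URL anywhere in the bytes: metadata, page content, annotations.
ANY_URL = re.compile(rb"https?://[^\s\"'<>()]+")

# Assumed redirector watchlist: the report names ttraff.ru; the analyzer's list is not published.
REDIRECTOR_HOSTS = {"ttraff.ru"}

# Assumed thresholds for the link-farm rule; the report does not publish the analyzer's.
MAX_SMALL_PDF = 256 * 1024   # what counts as a "small" PDF
MIN_PDF_LINKS = 8            # clickable external .pdf links needed to fire
MIN_HOST_SHARE = 0.5         # share of those links on the single busiest host


def _link_annot(url: str) -> bytes:
    """Build one /Link annotation object carrying a /URI action."""
    return (b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            b"/A << /S /URI /URI (" + url.encode() + b") >> >>\n")


# Constructed sample modelled on the report: one redirector link, one link on an
# unrelated host, a cluster of CDN-hosted .pdf links, and an XMP metadata stream.
# It is a byte string for the extractor, not an openable PDF.
SAMPLE_LINKS = [
    "https://ttraff.ru/pify?keyword=fybsc+physics+practical+book+pdf",
    "http://solowojo.bluesoxshop.com/uploads/1/3/1/4/131409090/c88c989.pdf",
] + [f"https://cdn.shopify.com/s/files/1/04{i:02d}/0000/0000/files/{i}.pdf" for i in range(13)]

SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Metadata /Subtype /XML >> stream\n"
    b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n'
    b'         xmlns:dc="http://purl.org/dc/elements/1.1/"\n'
    b'         xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>\n'
    b"endstream endobj\n"
    + b"".join(_link_annot(u) for u in SAMPLE_LINKS)
    + b"%%EOF\n"
)


def extract_link_uris(pdf_bytes: bytes) -> list:
    """Targets of every /URI action in the raw bytes (escaped parens unescaped)."""
    out = []
    for m in URI_ACTION.finditer(pdf_bytes):
        raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
        out.append(raw.decode("latin-1"))
    return out


def classify_urls(pdf_bytes: bytes) -> dict:
    """Map every URL in the file to the channel that carries it."""
    clickable = set(extract_link_uris(pdf_bytes))
    channels = {}
    for m in ANY_URL.finditer(pdf_bytes):
        url = m.group(0).decode("latin-1")
        if url in clickable:
            channels[url] = "link annotation"
        elif url.startswith(XMP_NAMESPACE_PREFIXES):
            channels[url] = "xmp namespace (not a link)"
        else:
            channels.setdefault(url, "document body")
    return channels


def redirector_hits(pdf_bytes: bytes) -> list:
    """Clickable links whose host is on the redirector watchlist."""
    return [u for u in extract_link_uris(pdf_bytes)
            if urlsplit(u).hostname in REDIRECTOR_HOSTS]


def link_farm_verdict(pdf_bytes: bytes):
    """PDF_SEO_LINK_FARM-style check: (flagged, details) from clickable .pdf links only."""
    pdf_links = [u for u in extract_link_uris(pdf_bytes)
                 if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    flagged = (len(pdf_bytes) <= MAX_SMALL_PDF
               and len(pdf_links) >= MIN_PDF_LINKS
               and share >= MIN_HOST_SHARE)
    return flagged, {"size": len(pdf_bytes), "pdf_links": len(pdf_links),
                     "top_host": top_host, "top_host_share": round(share, 2)}


if __name__ == "__main__":
    for url, channel in classify_urls(SAMPLE_PDF).items():
        print(f"{channel:28} {url}")
    print("redirector hits:", redirector_hits(SAMPLE_PDF))
    print("link farm:", link_farm_verdict(SAMPLE_PDF))
```

On the constructed sample the link-farm rule fires because 13 of the 14 clickable .pdf links sit on one host, the ttraff.ru URL is reported as a redirector hit, and the three XMP namespace URIs are labelled as metadata rather than links. Running the extractor over real files, remember that it works on raw bytes: URIs inside compressed object streams (/ObjStm, FlateDecode) or written as hex strings will be missed unless the file is decompressed first, which is exactly where a generated link-farm PDF may hide its annotations.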
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00005fa1.bin | 060491135fe78fac2fc8d69dae27bcac765a2a2a234486d2671ded227cae501c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FA1 | 5504 bytes |
| font_01_sfnt_off0000724a.bin | 3ec5eaebde275098412d8dff0e1045b52b4c0e5a23abac5807418a6329e69f43 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x724A | 3204 bytes |
| font_02_sfnt_off00007f3a.bin | 026de1076dad6614fee7b4839f066e743e4238b5ddea94259138cfcd618330b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F3A | 2320 bytes |
| font_03_sfnt_off0000898c.bin | 154f3504563847afd5238de1ae16a6e4786f5b67c360e71557d935218309bce1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x898C | 10180 bytes |
| font_04_sfnt_off0000ac19.bin | 7a7e0f9cb89785dee93ecfbcc78ef93b5a18a5022886c2d5a0bf15d9412c15a0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAC19 | 16224 bytes |