MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains a mass of external links, many pointing to Shopify domains, likely as part of an SEO link farm. One embedded URL, https://ttraff.com/pify?keyword=netflix+app+apk+android, is identified as a malicious redirector. The document also contains a visual call-to-action button, suggesting a lure to download content. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=netflix+app+apk+android
- http://files.francisxtobin-prresume.com/uploads/1/3/2/7/132740435/6563470.pdf
- http://files.bucklesandbeads.com/uploads/1/3/1/4/131453897/xesudebe.pdf
- http://files.220stopinjposevno.com/uploads/1/3/1/4/131455463/lapukuwusij-rowadukonam.pdf
- http://files.shophhbstore.com/uploads/1/3/1/6/131637374/wururabonolekipuwuri.pdf
- http://files.rydesouthflorida.com/uploads/1/3/1/0/131071256/8216883.pdf
- https://cdn.shopify.com/s/files/1/0433/2745/5387/files/ccna_service_provider_free_download.pdf
- https://cdn.shopify.com/s/files/1/0427/4946/0636/files/medical_nutrition_therapy_a_case_study_approach_5th_edition.pdf
- https://cdn.shopify.com/s/files/1/0433/5907/6502/files/44027223064.pdf
- https://cdn.shopify.com/s/files/1/0429/8443/9971/files/xinogogi.pdf
- https://cdn.shopify.com/s/files/1/0429/5370/3577/files/anti_inflammatory_diet_dr_weil.pdf
- https://cdn.shopify.com/s/files/1/0430/4837/0333/files/54196325154.pdf
- https://cdn.shopify.com/s/files/1/0429/8306/3715/files/11443083268.pdf
- https://cdn.shopify.com/s/files/1/0434/7002/8966/files/cub_cadet_xt1_owners_manual.pdf
- https://cdn.shopify.com/s/files/1/0439/2304/6555/files/2192506634.pdf
- https://cdn.shopify.com/s/files/1/0437/5887/8872/files/85515443994.pdf
- https://cdn.shopify.com/s/files/1/0440/6453/8776/files/willmington_guide_to_the_bible.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005959.bin496ed0e7057be1ecfdb5d375e608a135d8ceb296789b4182b32291cfa5da76c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5959 | 4960 bytes |
font_01_sfnt_off00006a4e.bin0f456123f357d73ffc457552924ba5ea6bee354421f8292345bf267f578e7098 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A4E | 10176 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.