Malware Insights
The PDF file contains embedded links that are part of a link farm, with many pointing to Shopify domains. However, one critical heuristic indicates a direct link to a known malicious redirector at 'ttraff.com'. The document body, though heavily obfuscated, contains the URL 'https://ttraff.com/wb?keyword=dyson%20am05%20manual', suggesting a lure to a malicious site disguised as a product manual. The numerous external PDF links, many hosted on benign platforms but some leading to unknown or potentially malicious domains, indicate a distribution mechanism for further malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wb?keyword=dyson%20am05%20manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005967.bin 3cf05a96bdad0184405be9bf00286c3d1d5de6d1b1508324027969f66d556675 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5967 | 5100 bytes |
| font_01_sfnt_off00006ac0.bin 72591bfce8bdc3108a2d1564f458e784fc26689bd1a964e1db23831d1577379d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AC0 | 10468 bytes |