MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file contains a lure related to 'Atoms and molecules class 9 ncert solutions pdf' and embeds a mass of external links. One of these links, 'https://ttraff.com/pify?keyword=atoms+and+molecules+class+9+ncert+solutions+pdf', is identified as a malicious redirector. The document body also contains numerous Shopify URLs, likely part of a link farm designed to improve SEO for malicious content. The presence of a fake invoice lure further supports the malicious intent.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Fake invoice / payment lure (low, SE_INVOICE_LURE): Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/pify?keyword=atoms+and+molecules+class+9+ncert+solutions+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006cfd.bin e201a12b68ab10a9255853b6d4c9e8e96b88994d4aba7dec86036be8648aeec3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CFD | 5448 bytes |
| font_01_sfnt_off00007f67.bin faf5483f68347be0267ef43165e56432252456934d7115d9099215231539a72d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F67 | 10180 bytes |