MALICIOUS
168
Risk Score
Malware Insights
MITRE ATT&CK
T1204 Malicious Link
T1204.001 Malicious Link: Malicious Link
The PDF contains a mass of external links, including one pointing to a known malicious redirector. The document body and heuristics indicate a social engineering lure to install a browser extension or update, likely leading to credential theft or malware installation. The primary malicious URL is https://ttraff.cc/pify?keyword=chrome+web+store+apps+free.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=chrome+web+store+apps+free
- http://xemarenir.acaciatreecare.co.uk/uploads/1/3/1/4/131411150/fbb0bbfbf888d.pdf
- http://files.soxoflove.org/uploads/1/3/0/7/130776781/92cb67265514.pdf
- http://files.hillvalleyfarmdairygoats.com/uploads/1/3/1/4/131437941/7d945f7be7.pdf
- http://files.pureandsimplewellness.org/uploads/1/3/1/0/131071166/liwobimamidof.pdf
- http://files.passexpressmedia.com/uploads/1/3/1/3/131383456/3224379.pdf
- https://cdn.shopify.com/s/files/1/0428/6654/0711/files/lobuko.pdf
- https://cdn.shopify.com/s/files/1/0431/3035/5866/files/fojopugekexabixojij.pdf
- https://cdn.shopify.com/s/files/1/0449/4170/5384/files/guia_roji_carreteras_de_mexico_2020.pdf
- https://cdn.shopify.com/s/files/1/0431/6397/5835/files/hp_elitebook_8470p_drivers.pdf
- https://cdn.shopify.com/s/files/1/0431/7695/1965/files/81519398139.pdf
- https://cdn.shopify.com/s/files/1/0427/7728/0671/files/robotic_process_automation_seminar.pdf
- https://cdn.shopify.com/s/files/1/0431/0859/7927/files/86781840398.pdf
- https://cdn.shopify.com/s/files/1/0435/0545/1174/files/12460679771.pdf
- https://cdn.shopify.com/s/files/1/0432/7328/9888/files/biluzepebozetoteb.pdf
- https://cdn.shopify.com/s/files/1/0430/3038/0698/files/47745751672.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000060f5.bin11642ab93699ea8a9e89ed929f3b40e04beacdaea7bed7999331934c4685d3e2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x60F5 | 5248 bytes |
font_01_sfnt_off000072b2.bind406666d8a14066162a46cefa26f63efb13abf5c187e564469a0d5b418df4c4c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72B2 | 10272 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.