MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/wix?keyword=i+got+the+hook+up+2+full+movie+123movies'. Additionally, it exhibits characteristics of a PDF link farm, with numerous links to benign-looking PDFs hosted on Shopify, likely for SEO manipulation or to appear legitimate. The presence of a 'download button' heuristic further supports the lure to click the malicious link. No scripts were extracted, but the primary attack vector appears to be social engineering via a malicious link.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=i+got+the+hook+up+2+full+movie+123movies
- https://cdn.shopify.com/s/files/1/0463/0872/0805/files/brembo_racing_catalog.pdf
- https://cdn.shopify.com/s/files/1/0432/0926/1218/files/taxonomic_classification_of_algae.pdf
- https://cdn.shopify.com/s/files/1/0429/9282/8579/files/appointment_of_auditor_in_agm_format.pdf
- https://cdn.shopify.com/s/files/1/0447/9025/1681/files/sejuviwidu.pdf
- https://cdn.shopify.com/s/files/1/0429/2401/5783/files/vuwufobisibenozimibo.pdf
- https://cdn.shopify.com/s/files/1/0431/4900/0864/files/arminianos_e_calvinistas.pdf
- https://cdn.shopify.com/s/files/1/0448/9651/8299/files/ravav.pdf
- https://cdn.shopify.com/s/files/1/0431/7354/4093/files/99155889377.pdf
- https://static.usrfiles.com/ugd/9f6a24_85bbe32c13a743d6bba5c569b54664d5.pdf
- https://static.usrfiles.com/ugd/b3bc21_fab1b4b2137d48bd93da6549e98c2153.pdf
- https://static.usrfiles.com/ugd/b8c837_632dc816256b42d1bbeacd3c617a18c7.pdf
- https://cdn.shopify.com/s/files/1/0434/5639/7464/files/babufomalunadi.pdf
- https://cdn.shopify.com/s/files/1/0428/2299/2028/files/broadsheet_brisbane_italian.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008498.bin1c4e97ac301494425dc1440411570dd6ebec4f13f3fd9da602a42164f4c4e581 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8498 | 5420 bytes |
font_01_sfnt_off00009711.bin8bb18cccb1372e8415e329a9579d0bfe4cf5fa82b99f3b44969a7e5fb5d39f12 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9711 | 10648 bytes |
font_02_sfnt_off0000bb89.bin723e6034cfa8adeebabcb44fcd9a81d05c7492831ad3e7dd1a7a87e114838b67 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB89 | 16064 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.