MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
The PDF contains a link farm and a malicious redirector, indicating a phishing or scam attempt. The primary malicious URL is https://ttraff.cc/pify?keyword=cbse+class+11+accountancy+ncert+pdf, which likely leads to further malicious content. The document body, though heavily obfuscated, contains references to educational material, suggesting a lure to entice users to click the malicious link. The presence of numerous links to Shopify-hosted PDFs, while many are benign, contributes to a link farm used to obscure the malicious redirector.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=cbse+class+11+accountancy+ncert+pdf
- http://files.fritzassociates.com/uploads/1/3/1/6/131636941/rodabo.pdf
- http://files.guayamarestaurantsupplies.org/uploads/1/3/2/6/132695554/darumavamodede.pdf
- http://files.cbdfarmacyonline.com/uploads/1/3/1/8/131858287/7953328.pdf
- http://files.lakesuperiormqg.com/uploads/1/3/1/6/131606331/votatezavomos.pdf
- http://files.jessicaleighwellbeing.com/uploads/1/3/0/9/130969446/joniwaturagivifopasa.pdf
- https://cdn.shopify.com/s/files/1/0431/6063/3493/files/97221329873.pdf
- https://cdn.shopify.com/s/files/1/0435/3989/0327/files/95861938270.pdf
- https://cdn.shopify.com/s/files/1/0432/8092/4837/files/68128044199.pdf
- https://cdn.shopify.com/s/files/1/0428/9508/1625/files/18523028324.pdf
- https://cdn.shopify.com/s/files/1/0432/8275/9836/files/xawufido.pdf
- https://cdn.shopify.com/s/files/1/0429/2712/8735/files/vizirebelujuzaken.pdf
- https://cdn.shopify.com/s/files/1/0431/6309/1112/files/likibipebakaxirixukevizoz.pdf
- https://cdn.shopify.com/s/files/1/0432/2800/4507/files/65441755621.pdf
- https://cdn.shopify.com/s/files/1/0430/2041/9226/files/54522220540.pdf
- https://cdn.shopify.com/s/files/1/0430/2585/8711/files/10984660604.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/61403973964.pdf
- https://cdn.shopify.com/s/files/1/0427/9051/8940/files/dopurologilanufa.pdf
- https://cdn.shopify.com/s/files/1/0437/2443/9704/files/98168776373.pdf
- https://cdn.shopify.com/s/files/1/0434/0331/3315/files/nojunilokadevevoxer.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006745.bin31cf06ef9a7afd9ce5696701621e1f255223745c507f2a8c6a039cb3376bb04a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6745 | 5348 bytes |
font_01_sfnt_off00007988.bin5609b47e975d2bbb8e8fa90fca4cf39c3932c14d51a654f4ecd237cfee72fab9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7988 | 10020 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.