MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to external PDF files hosted on Shopify. One critical heuristic indicates a malicious redirector link to 'ttraff.com', which is likely part of a phishing or malware distribution chain. The document body, though heavily obfuscated, contains text related to 'audiovision video maker apk', suggesting a lure to download potentially malicious software. The presence of numerous external links and a malicious redirector strongly suggests a phishing or malware delivery attempt.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=audiovision+video+maker+apk
- http://mapatema.livcowle.com/uploads/1/3/1/4/131453459/5340859.pdf
- http://files.teressafoss.net/uploads/1/3/1/4/131407369/busoxutuziviwobonumo.pdf
- http://zusedosu.eclectic-shamanism.com/uploads/1/3/0/8/130814328/wegodovigeka.pdf
- https://cdn.shopify.com/s/files/1/0427/4490/5884/files/tosijenejiwilisoza.pdf
- https://cdn.shopify.com/s/files/1/0427/5470/3526/files/niveseriwonujogineje.pdf
- https://cdn.shopify.com/s/files/1/0434/1035/8423/files/brew_uninstall_mysql.pdf
- https://cdn.shopify.com/s/files/1/0432/0133/1364/files/thaumcraft_1._7._10_guide.pdf
- https://cdn.shopify.com/s/files/1/0432/8964/1116/files/gexajifovufudebulakapowon.pdf
- https://cdn.shopify.com/s/files/1/0431/8029/4306/files/74039541624.pdf
- https://cdn.shopify.com/s/files/1/0429/5573/5199/files/46318554335.pdf
- https://cdn.shopify.com/s/files/1/0440/6696/3621/files/nujapejakafewulaxoguvumag.pdf
- https://cdn.shopify.com/s/files/1/0445/2777/9999/files/bowflex_powerpro_xtlu.pdf
- https://cdn.shopify.com/s/files/1/0429/2762/0249/files/65401062747.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/demotufilonameviv.pdf
- https://cdn.shopify.com/s/files/1/0443/1613/1484/files/mixed_modal_verbs_exercises_advanced.pdf
- https://cdn.shopify.com/s/files/1/0430/3981/7890/files/42448027875.pdf
- https://cdn.shopify.com/s/files/1/0438/3762/0381/files/ambrose_bierce_chickamauga.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006465.bin16c95ec4beb5f4f304a945a4cbe827a205722936e59e55f8860845b356c82927 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6465 | 5188 bytes |
font_01_sfnt_off000075f4.binc75739538cc0e3df443f2c60920b7da67ab4aca170677c609b9aee7deef949f6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x75F4 | 9816 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.