MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass external link farm, with a critical heuristic firing for a malicious redirector. The primary malicious URL is https://ttraff.cc/pify?keyword=across+the+bridge+novel, which likely serves as a gateway to further malicious content. The document body, though heavily obfuscated, contains this URL and other Shopify links, suggesting a lure to download or visit malicious resources.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=across+the+bridge+novel
- http://files.windowcleanersvictoria.com/uploads/1/3/2/6/132695360/xegemujoru-dunifapafido.pdf
- http://files.islavistabicycles.net/uploads/1/3/0/7/130738998/xipuj.pdf
- http://files.heavyard.com/uploads/1/3/0/8/130813650/goverak-mitonobok.pdf
- http://files.windowwarehousedraperysupply.com/uploads/1/3/1/4/131483067/fimakidawatudopole.pdf
- http://files.archerygolfwi.com/uploads/1/3/1/4/131454024/wifadobi-fifowiz-nozonepujub-kokidej.pdf
- https://cdn.shopify.com/s/files/1/0430/8339/9321/files/87733878402.pdf
- https://cdn.shopify.com/s/files/1/0433/0032/3478/files/87176212915.pdf
- https://cdn.shopify.com/s/files/1/0433/8316/0995/files/vimolus.pdf
- https://cdn.shopify.com/s/files/1/0432/4907/4336/files/merriam_webster_thesaurus.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/20597849085.pdf
- https://cdn.shopify.com/s/files/1/0431/5525/9560/files/48879911417.pdf
- https://cdn.shopify.com/s/files/1/0434/8549/5453/files/bobusizar.pdf
- https://cdn.shopify.com/s/files/1/0432/1758/4283/files/define_organizational_development.pdf
- https://cdn.shopify.com/s/files/1/0434/1969/7308/files/62113185684.pdf
- https://cdn.shopify.com/s/files/1/0435/3641/6936/files/google_campus_brand_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0432/0677/0849/files/24954473594.pdf
- https://cdn.shopify.com/s/files/1/0461/3655/7736/files/beethoven_sonata_pathetique_sheet_music_piano.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009074.bin5a69942a78b064fa94addb57d5a59c0fee22ee60a81228bf4c5bccc421a2e640 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9074 | 5180 bytes |
font_01_sfnt_off0000a205.bin2d1419103f7baca24c443a0fa032df32a06c37f6d2dc492a48115ae64bf378fd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA205 | 2576 bytes |
font_02_sfnt_off0000abc2.bindac1f9ebc492148f7570819c6f2c30596d8e12fc889c7e8dd1695f2e8367044c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xABC2 | 10160 bytes |
font_03_sfnt_off0000cee5.bin6f05fcc33dc372c65fe8ed4596c490c1c5fa3e30d289e41d945a04c13f239fa5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCEE5 | 16780 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.