Malware Insights
The PDF file triggers a critical heuristic for a malicious redirector link pointing to `https://ttraff.cc/pify?keyword=b.+ed+entrance+form+2018+du`. It also exhibits the characteristics of a PDF link farm, embedding numerous external links, one of which is `http://files.jennyshepherdphotography.com/uploads/1/3/0/8/130814682/e6f3c54.pdf`. The document body, though partially corrupted, includes text suggesting a form or document title, and a low-severity heuristic indicates an urgency lure. Combined, these elements suggest a phishing or malware distribution attempt.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000066fb.bin 371288f461d7329e6df1c7a12e50e8b360f9edab31c81ba9f0a18f86196318c7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x66FB | 5556 bytes |
| font_01_sfnt_off000079c6.bin 6539b129c5cd894636dc8f40f53a156c00c8f46378ab4f137c96d687a1cff6ed | pdf-font-stream | PDF embedded font (sfnt) at offset 0x79C6 | 3720 bytes |
| font_02_sfnt_off00008529.bin 92ede79f3bdce7c4ef91c84f329fa86be425749ea40d049c621af49ccc6bad88 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8529 | 10376 bytes |
| font_03_sfnt_off0000a8d7.bin 4408d4d4459af501a08aa87400c52f8c9e4234a49d9340e86ba80f4455ceb9e5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA8D7 | 5068 bytes |