MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com'. This link is presented within the document body, disguised as a service manual. The file also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to Shopify domains. The primary malicious URL is 'https://ttraff.com/pify?keyword=2015+polaris+ranger+570+service+manu', which is designed to lure users into clicking through to potentially harmful content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=2015+polaris+ranger+570+service+manu
- http://files.artistnik.ca/uploads/1/3/1/4/131455832/piwomosujaguvapirefu.pdf
- http://files.trimmedandtraveled.com/uploads/1/3/0/8/130874180/nelemekupexeg.pdf
- http://woxarug.kimberlybaker.ca/uploads/1/3/0/8/130813577/xevajububig.pdf
- http://files.valeriedubuc.net/uploads/1/3/1/4/131438113/muwixowuza.pdf
- http://files.smilecommunicationsgroup.com/uploads/1/3/2/6/132681002/vebevemiru.pdf
- https://cdn.shopify.com/s/files/1/0435/2085/2122/files/11686126866.pdf
- https://cdn.shopify.com/s/files/1/0437/8483/1125/files/auto_call_recorder_apk_free.pdf
- https://cdn.shopify.com/s/files/1/0433/6451/6005/files/nalafofifofatiruvanusad.pdf
- https://cdn.shopify.com/s/files/1/0434/9617/7816/files/dmv_va_manual.pdf
- https://cdn.shopify.com/s/files/1/0434/0046/2503/files/dupigelovoxuvawoginuwige.pdf
- https://cdn.shopify.com/s/files/1/0428/2525/3023/files/android_studio_adb_path_linux.pdf
- https://cdn.shopify.com/s/files/1/0428/7302/8775/files/mofikufimibegijir.pdf
- https://cdn.shopify.com/s/files/1/0430/3503/3757/files/78803810282.pdf
- https://cdn.shopify.com/s/files/1/0432/0926/1218/files/nakesemozitebujeneg.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/liwisubusamepumiv.pdf
- https://cdn.shopify.com/s/files/1/0441/1876/9816/files/hugoton_royalty_trust_annual_report.pdf
- https://cdn.shopify.com/s/files/1/0438/0898/1153/files/important_full_forms_for_general_knowledge.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006184.bin8e4de5115683880f57b755dd7775576d66c8b3cc85c1e623582eb3b313147442 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6184 | 5748 bytes |
font_01_sfnt_off00007500.bine855ad6b024eb15a860d820f7d42cec0d7627efd4f23d3079ed121bb1ecbed03 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7500 | 12228 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.