MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to a known malicious domain, ttraff.cc. The document body, though heavily obfuscated, contains text related to a 'project on adulteration of food for class 12 pdf' and the malicious URL itself, suggesting a social engineering lure. The PDF also contains a large number of external links, many hosted on cdn.shopify.com, which is indicative of a link farm designed to improve search engine ranking for malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=project+on+adulteration+of+food+for+class+12+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006671.bin b9790ea6f60ef0c1cefb3d1692dcb9ae50f8973a1385705665d95685ee84d2f5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6671 | 5408 bytes |
| font_01_sfnt_off000078ef.bin 6ad3c664ee573d7cc96ae367ba1bcc1266202f2fab1114bbf5aa97951e230a5c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x78EF | 10440 bytes |