MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a malicious redirector link, indicating an attempt to lure the user to a harmful external site. It also features a large number of embedded links, characteristic of a link farm designed to manipulate search engine results or distribute malicious content. The document body itself is heavily obfuscated and contains the primary malicious URL, suggesting it's part of a phishing or scam campaign.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=kinetic+energy+word+problems+answers
- http://files.togetheractnow.org/uploads/1/3/0/7/130776263/4588407.pdf
- http://files.theshiatsustudio.com/uploads/1/3/2/6/132683001/tutomulavo_megovukefulimu_vozurobekarafag_zewezemasugetor.pdf
- http://files.mysiafilms.com/uploads/1/3/0/7/130776264/babijofegabarofosexa.pdf
- http://files.mdlashesllc.com/uploads/1/3/2/6/132682868/boxejumipikag_feporoxosugavog.pdf
- https://13581442-a4d8-4820-8804-7805e44dc413.filesusr.com/ugd/ac8c68_b343f1561da64a038c5e9ba5fccd0dfe.pdf?index=true
- https://defdbc1f-c134-4251-be4d-19f9bff852b3.filesusr.com/ugd/418e76_0c25a64a60094d5f9b8c8f471d6be68b.pdf?index=true
- https://6a76a58f-da07-4b50-9287-0d4295539517.filesusr.com/ugd/565485_8fbed1fe97294fc4b29b6d4682ada4e1.pdf?index=true
- https://c7766d46-5ae0-4f63-8740-533eb4e6a2ba.filesusr.com/ugd/64f9d2_7d065966cb884dca892e4f32d05a889b.pdf?index=true
- https://37fa6f7c-12b0-4c53-97da-2bb9f36d0fe6.filesusr.com/ugd/a51aec_566fc4ad8eef47bcba06e61ef80c1e51.pdf?index=true
- https://41d0e2ca-59db-44f1-ace6-31955c696a5e.filesusr.com/ugd/9edd50_28c0da39ae3c4e4a87082196a41ba945.pdf?index=true
- https://4a428acb-1c1b-482c-bdc0-1410517201cc.filesusr.com/ugd/0bcf16_eee1f4eedee04840a72dc169b8acf22f.pdf?index=true
- https://733cd7fa-46a5-489c-8315-16819b9838ec.filesusr.com/ugd/d93890_0b8772b20b1c4ad29c63ce6861df1405.pdf?index=true
- https://fe210293-dae2-4081-bda7-950af5a4bb86.filesusr.com/ugd/7f46b5_c03441dfb50744c1973f868de45a9e15.pdf?index=true
- https://5c4e1f8d-6c40-4978-b4f0-1c1cdf19dc92.filesusr.com/ugd/99a8f2_ea9e9a8e52654fed80fe30fc70fbe0e8.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006207.bin165a574d539a801308aa26c3d9e121d025663959872a8735989e949680d46ed7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6207 | 5696 bytes |
font_01_sfnt_off00007568.binc2ea9969116421dc41a715c82ca78b75668cca38e72066b10d793407b26cdcb9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7568 | 10116 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.