MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm and a specific malicious redirector URL, suggesting a phishing or malware distribution attempt. The document body, though partially corrupted, contains text related to 'Angularjs book free download' and the malicious URL, indicating a lure to trick users into clicking the link. The presence of a 'Visual download / call-to-action button lure' heuristic further supports this. The primary malicious URL is ttraff.com, which is known for redirecting to malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=angularjs+book+free+download
- https://static.usrfiles.com/ugd/52b593_0e94c09796634443bef729df2c3f572c.pdf
- https://static.usrfiles.com/ugd/b8c837_1c6863ba88144bb3a23b51bf74ff5727.pdf
- https://static.usrfiles.com/ugd/b8c837_58e72965b70c4f628d11ef31b82863bd.pdf
- https://static.usrfiles.com/ugd/9e53d4_ccc7d575335d41b5af8e2a752d28c32c.pdf
- https://static.usrfiles.com/ugd/516793_60aeba465dcf480a956736dfed4a7fd7.pdf
- https://static.usrfiles.com/ugd/7598fa_9ea914dea4774b438806799665cacb5a.pdf
- https://static.usrfiles.com/ugd/b8c837_5360837f048243f5b64ed894b6c65273.pdf
- https://static.usrfiles.com/ugd/6908d7_c09e71e1b6d542a19c7fb1a8dec86e33.pdf
- https://static.usrfiles.com/ugd/286fb8_51f83af7cedc4e42a469e5b3f1e07c19.pdf
- https://static.usrfiles.com/ugd/b8c837_37ebca5215094a1cb1e566d6df96baff.pdf
- https://static.usrfiles.com/ugd/b8c837_b9767d14db0641d29797ede21fba75fc.pdf
- https://static.usrfiles.com/ugd/b8c837_508655159a0645a7909732b7f5967ee4.pdf
- https://static.usrfiles.com/ugd/b8c837_3270bd92a9ed44c6a1e819e0cae4c74f.pdf
- https://static.usrfiles.com/ugd/409ca8_540103ccce2040ffac0e0b2aefe707af.pdf
- https://static.usrfiles.com/ugd/5be868_c3a66c97c7f74ac59ace4e948a514da0.pdf
- https://static.usrfiles.com/ugd/b8c837_6266bfeccb6f4ed397cebcdb63f6a4ad.pdf
- https://static.usrfiles.com/ugd/b8c837_de1982beb60f4633a0fc9de9b3d86fd8.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000697a.bin98517134ddd79ebfa0a5d458b69ad978f7172c9748cad531041689ed3ab08cf0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x697A | 5436 bytes |
font_01_sfnt_off00007c1a.binb93d448f75f75cc249008c94a61501149628504b227abaa790f0d7568edffd94 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C1A | 10776 bytes |
font_02_sfnt_off0000a0e7.bin170f03d1b9065d54309489556a65884ffeb02d2aa2017a35362efa208a01407d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA0E7 | 16480 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.