Verdict: MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
- T1566.002 Phishing: Spearphishing Link
- T1204.001 User Execution: Malicious Link
- T1059.001 Command and Scripting Interpreter: PowerShell
The PDF contains a link disguised as information about Roblox (a "how to get into Roblox Studio on iPad" lure, visible in the URL keyword) that points at ttraff.cc, a domain flagged as a known malicious redirector. Two further heuristics fired: a link farm (a small document carrying 14 clickable links to other external PDFs, 11 of them on static.usrfiles.com and 3 on cdn.shopify.com) and a remote-support tool lure (instructions to install or connect with a tool such as AnyDesk, TeamViewer, Quick Assist or ScreenConnect). The document's content and structure indicate an SEO-style lure meant to route users into phishing or unwanted-software delivery chains through redirects and user clicks rather than through a PDF parser exploit. No scripts were extracted from the sample, so direct payload execution could not be analyzed; the verdict rests on the link targets and the lure text.
Heuristics (4)

- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: the PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. Documents of this kind rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: a small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Remote-support tool lure [high, SE_REMOTE_SUPPORT_LURE]: the document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect. This is high-risk in an unsolicited document.
- Embedded URL [info, EMBEDDED_URL]: one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs extracted from the document:
- https://ttraff.cc/wix?keyword=how+to+get+into+roblox+studio+on+ipad
- https://static.usrfiles.com/ugd/3bca44_e0e79653f46b4d05b12e0a4b7899319e.pdf
- https://static.usrfiles.com/ugd/b8c837_4bf834038ac2425ab653fe22675e28e1.pdf
- https://static.usrfiles.com/ugd/b8c837_b33e644d46cb465c9b02b6d1cc491979.pdf
- https://static.usrfiles.com/ugd/b8c837_2fdb5595d6d84fc2bf094d40cd297c78.pdf
- https://static.usrfiles.com/ugd/b8c837_7ee4e704c34d44f7b8f57bf85469214b.pdf
- https://static.usrfiles.com/ugd/b5472a_68755065486a42a4832f7d8bd70e08c6.pdf
- https://static.usrfiles.com/ugd/b8c837_b138767270c64068940a98cd6309e082.pdf
- https://static.usrfiles.com/ugd/b8c837_ecca063486524e0cb3f99abcde058261.pdf
- https://cdn.shopify.com/s/files/1/0434/7605/8274/files/importance_of_after_sales_service_to_customers.pdf
- https://cdn.shopify.com/s/files/1/0434/9978/2309/files/adolescent_counseling_worksheets.pdf
- https://cdn.shopify.com/s/files/1/0428/3600/0931/files/carols_by_candlelight_2018_melbourne_tv_guide.pdf
- https://static.usrfiles.com/ugd/b8c837_8b93aab9b6534946a35ba9b8ba8cb8e9.pdf
- https://static.usrfiles.com/ugd/b8c837_4364837c90e34bed80cf35080e482e5a.pdf
- https://static.usrfiles.com/ugd/b98abb_57a0fcbd31794b83b104541a3f54479a.pdf
Namespace URIs from the document's XMP metadata (schema identifiers, not clickable links; they are listed because the URL extractor scans the metadata stream too):
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
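The two critical heuristics above (a link to a known redirector host and the small-PDF link-farm pattern) can be reproduced from the raw bytes of a PDF. The following is an added Python example and not the analyzer's own code: it builds a constructed, uncompressed PDF whose /Link annotations carry this report's URL set, extracts /URI actions with a regular expression, and scores them. The redirector set contains only ttraff.cc because that is the host named in this report, and the size, link-count and host-share thresholds are assumptions chosen to match the report's findings, not the analyzer's real rule parameters. Only uncompressed annotations are handled; objects packed into compressed object streams need a real PDF parser.

```python
"""Added example: re-implement this report's two PDF link heuristics over raw
PDF bytes. Uncompressed /Link annotations only; thresholds and the redirector
set are assumptions (see comments), not the analyzer's real parameters."""
import re
from collections import Counter
from urllib.parse import urlparse

# Host taken from this report. A real deployment would feed this from threat
# intel rather than a hard-coded set (assumption).
KNOWN_REDIRECTORS = {"ttraff.cc"}

# Assumed thresholds for the link-farm rule.
FARM_MAX_SIZE = 200_000        # bytes: what counts as a "small" PDF
FARM_MIN_PDF_LINKS = 8         # external links that point at other PDFs
FARM_MIN_TOP_HOST_SHARE = 0.5  # fraction of those links on the busiest host

# Link-annotation URLs from this report. The XMP namespace URIs are omitted:
# they come from the metadata stream, not from /Link annotations.
REPORT_LINKS = [
    "https://ttraff.cc/wix?keyword=how+to+get+into+roblox+studio+on+ipad",
    "https://static.usrfiles.com/ugd/3bca44_e0e79653f46b4d05b12e0a4b7899319e.pdf",
    "https://static.usrfiles.com/ugd/b8c837_4bf834038ac2425ab653fe22675e28e1.pdf",
    "https://static.usrfiles.com/ugd/b8c837_b33e644d46cb465c9b02b6d1cc491979.pdf",
    "https://static.usrfiles.com/ugd/b8c837_2fdb5595d6d84fc2bf094d40cd297c78.pdf",
    "https://static.usrfiles.com/ugd/b8c837_7ee4e704c34d44f7b8f57bf85469214b.pdf",
    "https://static.usrfiles.com/ugd/b5472a_68755065486a42a4832f7d8bd70e08c6.pdf",
    "https://static.usrfiles.com/ugd/b8c837_b138767270c64068940a98cd6309e082.pdf",
    "https://static.usrfiles.com/ugd/b8c837_ecca063486524e0cb3f99abcde058261.pdf",
    "https://cdn.shopify.com/s/files/1/0434/7605/8274/files/importance_of_after_sales_service_to_customers.pdf",
    "https://cdn.shopify.com/s/files/1/0434/9978/2309/files/adolescent_counseling_worksheets.pdf",
    "https://cdn.shopify.com/s/files/1/0428/3600/0931/files/carols_by_candlelight_2018_melbourne_tv_guide.pdf",
    "https://static.usrfiles.com/ugd/b8c837_8b93aab9b6534946a35ba9b8ba8cb8e9.pdf",
    "https://static.usrfiles.com/ugd/b8c837_4364837c90e34bed80cf35080e482e5a.pdf",
    "https://static.usrfiles.com/ugd/b98abb_57a0fcbd31794b83b104541a3f54479a.pdf",
]


def build_sample_pdf(urls):
    """Constructed test input: a minimal uncompressed PDF with one /Link
    annotation carrying a /URI action per URL (no real page content)."""
    objs, refs = [], []
    for num, url in enumerate(urls, start=4):
        esc = url.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")
        objs.append(f"{num} 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    f"/A << /S /URI /URI ({esc}) >> >> endobj\n")
        refs.append(f"{num} 0 R")
    doc = ("%PDF-1.4\n"
           "1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
           "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
           f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{' '.join(refs)}] >> endobj\n"
           + "".join(objs) + "trailer << /Root 1 0 R >>\n%%EOF\n")
    return doc.encode("latin-1")


# The /URI key of a URI action followed by its literal-string value; escaped
# parentheses and backslashes inside the string are permitted.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_uri_links(pdf_bytes):
    """Return the targets of all uncompressed URI actions, PDF escapes removed."""
    return [re.sub(rb"\\([()\\])", rb"\1", m.group(1)).decode("latin-1")
            for m in _URI_RE.finditer(pdf_bytes)]


def assess(pdf_bytes):
    """Run both heuristics; returns the links, the file size and the findings."""
    links = extract_uri_links(pdf_bytes)
    parsed = [urlparse(u) for u in links]
    findings = {}

    # Rule 1: any clickable URI on a known redirector host.
    hits = sorted({p.hostname for p in parsed if p.hostname in KNOWN_REDIRECTORS})
    if hits:
        findings["PDF_MALICIOUS_REDIRECTOR_LINK"] = {"severity": "critical", "hosts": hits}

    # Rule 2: small file, many links to other PDFs, most of them on one host.
    pdf_hosts = [p.hostname for p in parsed
                 if p.hostname and p.path.lower().endswith(".pdf")]
    if len(pdf_bytes) <= FARM_MAX_SIZE and len(pdf_hosts) >= FARM_MIN_PDF_LINKS:
        top_host, top_n = Counter(pdf_hosts).most_common(1)[0]
        share = top_n / len(pdf_hosts)
        if share >= FARM_MIN_TOP_HOST_SHARE:
            findings["PDF_SEO_LINK_FARM"] = {
                "severity": "critical", "pdf_links": len(pdf_hosts),
                "top_host": top_host, "top_host_share": round(share, 2)}
    return {"links": links, "size": len(pdf_bytes), "findings": findings}


if __name__ == "__main__":
    result = assess(build_sample_pdf(REPORT_LINKS))
    print(f"{len(result['links'])} URI links, {result['size']} bytes")
    for name, detail in result["findings"].items():
        print(f"{name}: {detail}")
```

Run against the constructed sample, both rules fire: the redirector rule on ttraff.cc, and the link-farm rule on 14 .pdf links of which 11 sit on static.usrfiles.com. A document with one or two citation links to PDFs on different hosts produces no finding, which is the "normal document citation pattern" the report contrasts against. To use it on a real sample, pass the file's bytes to assess(); if the file uses object streams, decompress them first or swap extract_uri_links for a proper parser.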
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash (SHA-256, presumed from the 64-hex-digit length) | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000053a7.bin | 8c280ea16aad49c70cbbb697b2fe5303d1ea37354d315db22f28125716a1147c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x53A7 | 5388 bytes |
| font_01_sfnt_off00006612.bin | ab1c1386f80066e2c309e497dd4311135060f71288b903f969c995a5827e1064 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6612 | 10352 bytes |