Verdict: MALICIOUS (Risk Score 120)
Malware Insights
MITRE ATT&CK:
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file triggers heuristics indicating that it is a malicious redirector and part of a link farm pointing to external URLs. The document body, though partially corrupted, contains a URL that matches the redirector heuristic, suggesting a lure to a malicious site. The primary intent appears to be directing users to malicious infrastructure via the identified redirector.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs:
- https://ttraff.link/wix?keyword=dragon+age+inquisition+playing+to+win
- http://rakem.3shirescoaching.org/uploads/1/3/2/6/132682871/82001b795682562.pdf
- http://files.anngenuity.com/uploads/1/3/0/7/130776103/1766126.pdf
- http://gemule.terrifraserstudio.com/uploads/1/3/2/6/132695675/nomerixutujowafoliz.pdf
- http://files.brainleakage.com/uploads/1/3/2/6/132695531/5d78d6.pdf
- http://mekulike.jacquelinereich.com/uploads/1/3/1/6/131636789/6562201.pdf
- https://b025085e-b063-43d6-afe3-e9a8c645dbcd.filesusr.com/ugd/99a8f2_c835c9497dbf4f4baa18dc1f7e88f4a9.pdf?index=true
- https://2427a8d7-9f90-4892-99bb-2bc0f6847591.filesusr.com/ugd/66f7a0_79c03f3818cb48fb94bda2b31a4e03aa.pdf?index=true
- https://af341219-6ed4-41b0-b483-2d32ff2ba4c4.filesusr.com/ugd/21a131_33933071208c461bae431ee609b74917.pdf?index=true
- https://ba5dfe19-07ef-4cf9-9fa5-a29541cafc7e.filesusr.com/ugd/0182ef_0749cb0347af4e438bd105433c1508c4.pdf?index=true
- https://cc7347be-7157-4e31-9b4f-40ec9ab37ee9.filesusr.com/ugd/b81754_325c0390a8114ccabe967ea025f076a2.pdf?index=true
- https://63a9069c-2275-44af-8457-7cdf43ab7fc5.filesusr.com/ugd/1fa6dd_69ef57596277478f925be009d496c5e3.pdf?index=true
- https://624b21ae-af95-470c-a233-76b88d8cdb77.filesusr.com/ugd/87ad98_db9ccddbff2447a1b4e1ee9888546123.pdf?index=true
- https://b731b4c0-edeb-4a76-a0d2-fcdf580e0bff.filesusr.com/ugd/66f3f9_07c7cecad19f41de84784f05adb12f84.pdf?index=true
- https://6cdcb771-820a-4583-877e-6bea40641132.filesusr.com/ugd/e1d12c_4b4edc50ecb94248ab2dae3473e3e40a.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://af341219-6ed4-41b0-b483-2d32ff2ba4c4.filesusr.com/ugd/21a131
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000fa8c.bin | 0b5b640319a4e9a3a4db0939f62f86f15703cb62835197e50775ce9ac048650e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA8C | 5304 bytes |
| font_01_sfnt_off00010cc3.bin | c097094dbc3b7f4d63e2d1c715e68353cb65543139375d7a35101e9baa3233b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CC3 | 10872 bytes |