MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Link
The PDF file contains a lure impersonating a cloud document service, directing users to download cracked software. It embeds multiple links, one of which, https://ttraff.me/wix?keyword=nitro+pro+10+free+download+full+version+with+crack+64+bit, is identified as a malicious redirector. The document also functions as a link farm, pointing to numerous other PDFs hosted on static.usrfiles.com, likely for SEO manipulation to increase visibility of the malicious download lure.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Cloud document impersonation lure medium SE_CLOUD_DOC_LUREDocument impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=nitro+pro+10+free+download+full+version+with+crack+64+bit
- https://static.usrfiles.com/ugd/cc14e4_16695442c0194be0875f659e18450f32.pdf
- https://static.usrfiles.com/ugd/238140_0fc71c007f5845eaa68de51e44f71533.pdf
- https://static.usrfiles.com/ugd/f967ac_5be5fc423bdb4b99bc8caed91c67d830.pdf
- https://static.usrfiles.com/ugd/b6bf5b_c20fb9141fe3447a8308252042ab55ce.pdf
- https://static.usrfiles.com/ugd/b8c837_68c779775dc84d89981327673fac6f1a.pdf
- https://cdn.shopify.com/s/files/1/0432/7361/7576/files/liwofoxifun.pdf
- https://cdn.shopify.com/s/files/1/0433/5170/3706/files/jexeviwabuwixirevuxofatog.pdf
- https://cdn.shopify.com/s/files/1/0429/9846/4665/files/administracion_publica_ecuador.pdf
- https://cdn.shopify.com/s/files/1/0440/7744/9366/files/gozorobaliri.pdf
- https://static.usrfiles.com/ugd/7c30af_7fe4bec29af44178b9aa60585fc39a77.pdf
- https://static.usrfiles.com/ugd/b8c837_2cdd7914f6664c0fb4f3b3874868d185.pdf
- https://static.usrfiles.com/ugd/2ca09c_067cf26c29d341a7ab19b14a9ea2038b.pdf
- https://static.usrfiles.com/ugd/b8c837_d6aa5856e65c4a2897197dd5478ca743.pdf
- https://static.usrfiles.com/ugd/9ea9b6_3b5db2d2ccd84eeb98ad9e2c8c78d152.pdf
- https://cdn.shopify.com/s/files/1/0435/3762/9348/files/86068366344.pdf
- https://cdn.shopify.com/s/files/1/0432/5936/3488/files/bewokivoxuvodusenuwititug.pdf
- https://cdn.shopify.com/s/files/1/0434/0721/2694/files/25592923917.pdf
- https://cdn.shopify.com/s/files/1/0427/5650/5756/files/92481815521.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006dce.binbd3cc8143ddef9b422450266e079d438fb5898d85332860b5f949804f7413944 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DCE | 6004 bytes |
font_01_sfnt_off0000824b.bin7cd12fb3af3b33c7e813db0fa70692054e9c408f20eb22e8ce952ca5fb98f50b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x824B | 10844 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.