MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass of external links, masquerading as a Bollywood movie download lure. One of the primary links, 'https://ttraff.ru/wix?keyword=mp4moviez+bollywood+movies++hd', is identified as a malicious redirector. The document body is heavily obfuscated, but the presence of this malicious URL and the link farm heuristic strongly suggest a phishing or redirection attempt.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/wix?keyword=mp4moviez+bollywood+movies++hd
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000a956.bin 35384d885306f5a0f8abd94b79459536868ddcca7037341c22a32e389bcf18e8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA956 | 7636 bytes |
| font_01_sfnt_off0000bc4d.bin f01ecef2b1b1d7ed722c80c70bfe118202c1e1cfdcabf70bcb224b04abb4a689 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC4D | 5432 bytes |
| font_02_sfnt_off0000cec7.bin 2700f179442927aafe86cf31f54e43f7dbccb606a444a13341e10176baf52f85 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCEC7 | 1756 bytes |
| font_03_sfnt_off0000d787.bin a915158bc4be329a66d7261cd8d2e3d2b98d8be5404e99dedc457b3a7e9e4e62 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD787 | 13824 bytes |
| font_04_sfnt_off00010458.bin c1074d6059a5043f9884fc86bb2a843fc867186434070fea9a1bcb64c027c127 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10458 | 17548 bytes |
| font_05_sfnt_off00011e8f.bin a02af277de6550e2abfe5118e1eeda3bc4adcce60060f1f3886acc1cbfa3e3e5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11E8F | 6308 bytes |