MALICIOUS
142
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous embedded links, including a critical link to a known malicious redirector at 'https://ttraff.club/wix?keyword=ruler+measurements+inches+actual+size'. The document body, though heavily obfuscated, appears to contain text related to ruler measurements and includes this malicious URL, suggesting a lure to a phishing or malware distribution site. The presence of a QR code lure heuristic further supports a phishing pretext. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
QR-code redirect lure medium SE_QR_LUREDocument instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=ruler+measurements+inches+actual+size
- https://cdn.shopify.com/s/files/1/0433/9249/9877/files/mopesotegoka.pdf
- https://cdn.shopify.com/s/files/1/0433/6048/5534/files/94381456938.pdf
- https://cdn.shopify.com/s/files/1/0437/1791/8870/files/36085920642.pdf
- https://cdn.shopify.com/s/files/1/0430/2195/9325/files/soruxodanokagele.pdf
- https://cdn.shopify.com/s/files/1/0451/5836/7386/files/vubopozi.pdf
- https://static.usrfiles.com/ugd/7d1dc9_d3e8689e36a5463b92aa329a33db936d.pdf
- https://static.usrfiles.com/ugd/b8c837_a79fbc4fff6349d8a55de628fba08f0e.pdf
- https://static.usrfiles.com/ugd/0fdb6d_7ce83ee1e4a44cf7aca519f4aa900985.pdf
- https://static.usrfiles.com/ugd/b8c837_9220537f8c364af78591351a6a777901.pdf
- https://static.usrfiles.com/ugd/45e30f_52da16be8c4546a0b66f10fb6f3ef595.pdf
- https://static.usrfiles.com/ugd/b8c837_9697dd7740e74475badebf05d2c73e82.pdf
- https://static.usrfiles.com/ugd/b8c837_2826ded81f9641cfb74f3207228d1a8c.pdf
- https://static.usrfiles.com/ugd/b8c837_00ffb52c5f584c2089c81e9d5165916e.pdf
- https://static.usrfiles.com/ugd/b8c837_efd35249ba134561b3e8a6ddc2c84531.pdf
- https://static.usrfiles.com/ugd/cb2bed_913917d8a65c4b8cace91c62a82be45a.pdf
- https://static.usrfiles.com/ugd/e2c250_8db9e49fb79548818a65716dd06d0a01.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006448.bin2037bdd6a99de68e7f211ce6b38d141b07cd9f81f315fd4a8cc9a226faf36f1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6448 | 5096 bytes |
font_01_sfnt_off0000756d.bin33d59490ca60eef139e94400f64c0db2c32d8e20a5f59776d4b0f7fe5cee42e0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x756D | 10248 bytes |
font_02_sfnt_off000098b4.bin1e7a7ce4192d6d957d4ba8e301ef6c509a0133afe2fe87fb40f4f13f36c174cb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x98B4 | 16524 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.