Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, a technique often used to create link farms for SEO manipulation or to redirect users to malicious sites. One critical heuristic firing indicates a direct link to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains the URL 'https://ttraff.club/wix?keyword=st+charles+borromeo+bensalem+tuition', which is also flagged as malicious. This suggests the primary goal is to redirect the user to a potentially harmful site.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Flagged URL: https://ttraff.club/wix?keyword=st+charles+borromeo+bensalem+tuition
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000062b2.bin | 3234ecd19e8361524e636da8a84d4ecb81ea4b90b032e49b0f98e8774229a85a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x62B2 | 5284 bytes |
| font_01_sfnt_off0000747b.bin | 34fddce62c0f285fbc425f5cd9009aceb3151b83d30ff69e154c0cefa54d8e7e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x747B | 10688 bytes |