MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to the presence of a large number of embedded links, a technique often used for SEO manipulation or to redirect users to malicious infrastructure. One of the primary URLs, 'https://ttraff.ru/wix?keyword=pomeranians+for+sale+in+nc', is flagged as a known malicious redirector. The document body contains garbled text but also includes the same URL and several URLs pointing to static.usrfiles.com, which are part of a link farm.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=pomeranians+for+sale+in+nc
- https://static.usrfiles.com/ugd/b8c837_fba0567a109a46a6868974efd7aa2b5e.pdf
- https://static.usrfiles.com/ugd/b8c837_0c5db20b1182413285f81f951a5e9a2c.pdf
- https://static.usrfiles.com/ugd/b8c837_237568de05904230a47c5cca5fd92d27.pdf
- https://static.usrfiles.com/ugd/b8c837_982ba3c290874ee3ae1fe6249606b348.pdf
- https://static.usrfiles.com/ugd/b5472a_dcdb67c786414b14b18e41aec85f0c36.pdf
- https://static.usrfiles.com/ugd/b8c837_ce6250a253c848d9bf17ad1eedaefbd7.pdf
- https://static.usrfiles.com/ugd/b8c837_f3f3da13fa9c427aa5b2b4f9b8ae673e.pdf
- https://static.usrfiles.com/ugd/b8c837_0b6c745be44b4880b4906a0e94e2621d.pdf
- https://static.usrfiles.com/ugd/b8c837_97c468cfd3ee45e4b0c3034c15c84f8b.pdf
- https://static.usrfiles.com/ugd/b8c837_3e866402209b4a83b948a68f0bf0a07d.pdf
- https://static.usrfiles.com/ugd/38bf1f_3c1c635785894c8cbc5aa929278fb169.pdf
- https://static.usrfiles.com/ugd/067ecb_b15fd7377536430c8a3e9d6a572cd52a.pdf
- https://static.usrfiles.com/ugd/b8c837_58411345d1bd491490161519b197cc46.pdf
- https://static.usrfiles.com/ugd/db1da1_c81a74db77aa4e68931b8f56399d3279.pdf
- https://static.usrfiles.com/ugd/804ff6_3d5e8366dad341e8bc7ab8aef1629de3.pdf
- https://static.usrfiles.com/ugd/cf79db_dfe20e890e53460bb8434ebf4204560e.pdf
- https://static.usrfiles.com/ugd/b8c837_e9b01d07d95c4b9e85287a58ed98cc9e.pdf
- https://static.usrfiles.com/ugd/764aaa_6d011d78e8794237b8acd112446d5b27.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000064e0.bin04d482a22818edd25de202495646d9497f93aa57dd74181adae13b3f7aadead0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x64E0 | 5028 bytes |
font_01_sfnt_off000075d6.bin8567f1ec7ff3a6495ffc91b7b2052a50da9de15dee28e591f9ea8c9009ef937c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x75D6 | 10352 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.