MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links, with one specifically identified as a malicious redirector. The document body, though heavily garbled, contains text related to 'famisafe location tracking' and includes the malicious URL, suggesting a lure for users to click through to a potentially harmful site. The presence of a link farm further indicates an attempt to manipulate search engine results or distribute malicious content broadly.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=telecharger+famisafe+location+tracking
- http://files.tim03jr.com/uploads/1/3/1/8/131856186/e4930d.pdf
- http://files.lsherman.com/uploads/1/3/2/6/132682862/8ea62a8c24f2d.pdf
- http://ferabeg.drewbufalini.com/uploads/1/3/0/8/130874493/bibaladaliza_bedojagurorejus_wagoxe.pdf
- http://roxolis.opobusiness.com/uploads/1/3/1/1/131164048/bajulozopala_rolamofe_napeledafoxi_wezufe.pdf
- http://files.missenglandsclass.com/uploads/1/3/2/3/132303151/1029591.pdf
- http://lasez.proseandcommas.org/uploads/1/3/0/8/130874455/3bc6a0ebc.pdf
- http://zolut.ryanjamesvideo.com/uploads/1/3/0/7/130738711/zifikibikak.pdf
- https://dea66520-d3a5-430b-b892-122f19b9e3ae.filesusr.com/ugd/384ea4_472a3b0799af4708b7b1afcdf1937112.pdf?index=true
- https://c1c36506-2fe3-40c1-990e-e380bb29b763.filesusr.com/ugd/99b222_a933502a9e8b4cca8a62279a5c7d4bd2.pdf?index=true
- https://4a6d9734-0f06-4cdf-bf0c-1c664f2ea9ae.filesusr.com/ugd/3de8a6_10dec62c6f364ab79241e9e1b8d111f7.pdf?index=true
- https://2ac9e6d1-97c7-479c-9e82-14022a6f30b7.filesusr.com/ugd/ff3115_6f21a409dd3643f0b3c2fbb4f21a7c45.pdf?index=true
- https://1be3c3e6-6478-499b-98dc-27bf0b7a4c41.filesusr.com/ugd/dc6899_be986d9e03ff41deb65bbdfcff2a2980.pdf?index=true
- https://1aa4b741-2162-4d92-97ab-230017e53649.filesusr.com/ugd/b9801a_0abf5e31e89f48aaaf86d4344a927117.pdf?index=true
- https://262ef035-ec77-4fb4-8962-af8e44b8a3a0.filesusr.com/ugd/cc3ca9_d950a07feced452699317c3e0621ca56.pdf?index=true
- https://ccfb3144-f5d9-46fa-82bf-55fe2f0821ab.filesusr.com/ugd/43d2fc_2d2c5dce4041498e930d5a7ef4cb956d.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006dcf.bin67b8faa595ffacc30861d0bd7a4e2079abde73a87f497bb0ceb8581b6c04ab8b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DCF | 5308 bytes |
font_01_sfnt_off00007fac.bin402125d6985c0504ae1f0829a3adb8046f58c721ac09703d7bd864f4dc7a6101 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FAC | 2640 bytes |
font_02_sfnt_off00008b4d.bin36306912cc47f78669370d9f1f27cf92838c748454a68ddf57779455058b94a9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B4D | 10168 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.