MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded links, many of which are part of a link farm. One critical heuristic identified a malicious redirector link pointing to 'https://ttraff.com/wix?keyword=canon+mf240+driver'. The document body also contains text and visual cues suggesting a download lure, further supporting the malicious intent. The presence of a download button lure and the redirection to a known malicious domain indicate a phishing or social engineering attack.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=canon+mf240+driver
- https://static.usrfiles.com/ugd/a4e402_33dc9948c3e44d1ebd8387d839d51045.pdf
- https://static.usrfiles.com/ugd/12745a_a1ae95c084664b3ea0139daf4df9fe0b.pdf
- https://static.usrfiles.com/ugd/a91264_16e64926aba1472da88e1ef37abd1587.pdf
- https://static.usrfiles.com/ugd/43d598_64459a741bd741babab55707ce5eb06f.pdf
- https://static.usrfiles.com/ugd/20d83a_58234665347e42ca9cbc1421f71ade88.pdf
- https://static.usrfiles.com/ugd/eda9ba_f4cfede5e3324d06928311443e1e8103.pdf
- https://static.usrfiles.com/ugd/b8c837_e60d38d172564e7582d1c6a0d27d4e02.pdf
- https://static.usrfiles.com/ugd/20d83a_041cb03af9ee485d9aae53a50d3046a2.pdf
- https://static.usrfiles.com/ugd/0ebc1f_191e1e1bd9244a00b0901c6cf4deb4c9.pdf
- https://static.usrfiles.com/ugd/b8c837_2971500a16c6426c9a06f2667ab0b9e6.pdf
- https://static.usrfiles.com/ugd/b8c837_ce1ce81e67c94c0eb1b774aeb30db866.pdf
- https://static.usrfiles.com/ugd/b8c837_d94b033543fd4ea18abc292643af1d68.pdf
- https://static.usrfiles.com/ugd/078c79_b774bf4eecf947d1b85096e9ad54c6c3.pdf
- https://static.usrfiles.com/ugd/3f80ec_6e897939e05b425a84262ef74ce0a26e.pdf
- https://static.usrfiles.com/ugd/6846fe_1585095ad44c48a896e6618541845f83.pdf
- https://static.usrfiles.com/ugd/b8c837_caaba8d62c9f49278d45ca32e7757fe3.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000905d.binf36ab0bc02ec3c46b3a7aab5bdbc23a257e5eb77c73041dad1987b595b310ec9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x905D | 5172 bytes |
font_01_sfnt_off0000a1ea.bin5bdb5633423d51b6d2894d50f1bfd2bd2de99bee35e485c6a04cf0cd8ec54746 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1EA | 15948 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.