MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded external links, a technique often used to create link farms for SEO poisoning or to direct users to malicious sites. One of the embedded URLs, 'https://ttraff.cc/wix?keyword=hour+of+code+code+commander', is flagged as a known malicious redirector. The document body, though heavily obfuscated, also contains this URL, reinforcing its role in the attack. The file's structure and the presence of numerous links suggest a delivery mechanism aimed at tricking users into navigating to potentially harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=hour+of+code+code+commander
- https://static.usrfiles.com/ugd/7ea8bb_9ccd720bd03a466888d15fadbebb549e.pdf
- https://static.usrfiles.com/ugd/ff2e72_829b8cecd2dd4b8b964c7eef31b8da6b.pdf
- https://static.usrfiles.com/ugd/b8c837_83f92be164bc406182a4d39472faeb79.pdf
- https://static.usrfiles.com/ugd/d01287_b5fd5ba797ba4577ad122b4ddd88c6c6.pdf
- https://static.usrfiles.com/ugd/b8c837_37ebca5215094a1cb1e566d6df96baff.pdf
- https://static.usrfiles.com/ugd/b8c837_15a7d94fea334c708ab20de89bbd90e2.pdf
- https://static.usrfiles.com/ugd/b8c837_33e1cc63d4504eafa87113d5abcd29bb.pdf
- https://static.usrfiles.com/ugd/b8c837_8ab783d66b624c129b02028b7d30d5db.pdf
- https://static.usrfiles.com/ugd/b8c837_d7202ca3fb5d4b8d985085529222a7bb.pdf
- https://static.usrfiles.com/ugd/54fa57_380f7469098f4fab82d7d9f808f5d6ed.pdf
- https://static.usrfiles.com/ugd/764aaa_a4b3e24def964e55a2d7d7aa63d33e73.pdf
- https://static.usrfiles.com/ugd/5b5da7_747d78f0719a4182b0da0b2f04301962.pdf
- https://static.usrfiles.com/ugd/12f4eb_c551023203084f43936e5508bf24c937.pdf
- https://static.usrfiles.com/ugd/0f5b72_c4f776335a2b4a79b58fdfc5df373052.pdf
- https://static.usrfiles.com/ugd/ae15ca_6e4a2f91e4d941f3bdb96ce5545d8cbc.pdf
- https://static.usrfiles.com/ugd/6d59ab_2cb2c074cdd2435791d623081bccd92a.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009816.binb8ec01d313e726965eac473e010f92c0b2a798ad34e9014ed68f03638fe03ef9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9816 | 4920 bytes |
font_01_sfnt_off0000a8b8.binef46c1a0e135ed74a90ef8457877b0c458d6073c3ae5985624b9ad6f7c0d3317 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA8B8 | 11080 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.