MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=babbu+maan+sharata+song+video'. This URL is presented within the document body, disguised as a song video, indicating a social engineering lure. The PDF also exhibits characteristics of a link farm, with numerous embedded links to external documents, many hosted on static.usrfiles.com. The primary malicious URL is the most critical IOC.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=babbu+maan+sharata+song+video
- https://static.usrfiles.com/ugd/b8c837_cc7314d89ecb4b708f05f87e66ad3582.pdf
- https://static.usrfiles.com/ugd/de60da_02d04baad56048d3b41fbf16bec61b3e.pdf
- https://static.usrfiles.com/ugd/cc3ca9_d1e5fbf6bf744762bfc4e189fdfe70e5.pdf
- https://static.usrfiles.com/ugd/ac72e0_ce14e3c99fd744119f29d756d143879a.pdf
- https://static.usrfiles.com/ugd/544e7e_e40baaf970ca4e349e5ea7b80607fcc7.pdf
- https://cdn.shopify.com/s/files/1/0429/1385/7692/files/canon_60d_manuals.pdf
- https://cdn.shopify.com/s/files/1/0430/8529/9876/files/blade_and_soul_summoner_build_2017.pdf
- https://cdn.shopify.com/s/files/1/0459/9185/4239/files/81862226894.pdf
- https://cdn.shopify.com/s/files/1/0428/0510/0707/files/45232948760.pdf
- https://cdn.shopify.com/s/files/1/0436/0844/0995/files/jegolodogebogelo.pdf
- https://static.usrfiles.com/ugd/9c43ec_5bc488d907624e958c248e8fc119e1d4.pdf
- https://static.usrfiles.com/ugd/87b9a8_a9d29e84a7ee41d9b3a58b3291fd1c16.pdf
- https://static.usrfiles.com/ugd/15cd4d_7448dcf771f046eaa13a330ac645da07.pdf
- https://static.usrfiles.com/ugd/3ab5ed_210d8d93459e426ca251f4d54a9b01ba.pdf
- https://static.usrfiles.com/ugd/2b25b5_a6b0e15eb15f4c27a60413f72c95704f.pdf
- https://cdn.shopify.com/s/files/1/0431/9241/8468/files/zakojorifir.pdf
- https://cdn.shopify.com/s/files/1/0437/3911/9765/files/trial_of_the_sea_lion_alliance.pdf
- https://cdn.shopify.com/s/files/1/0433/9482/6405/files/dijkstra_algorithm_python.pdf
- https://cdn.shopify.com/s/files/1/0467/8008/8473/files/3546121853.pdf
- https://cdn.shopify.com/s/files/1/0431/8904/3358/files/nosoxakifuvib.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000057f2.bina6d09a879b740b4b94d9a0f347be5c0a72cdb940fdbc5555c20cb22ccd03eb5d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x57F2 | 5456 bytes |
font_01_sfnt_off00006a59.bin72727716ea311ce849b119f5b947b1ade9817a000c1b2226771cbbd2ea4171fb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A59 | 14204 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.