MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.001 Malicious Link
The PDF contains a link that redirects to known malicious infrastructure, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. Additionally, the PDF_SEO_LINK_FARM heuristic indicates a large number of outbound links, suggesting a link farm or redirection strategy. The SE_CALLBACK_LURE heuristic suggests a phishing or scam pretext, likely to trick users into clicking the malicious link. The document body, though heavily obfuscated, contains the URL that triggered the malicious redirector heuristic.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=hb600-24b+wiring+diagram
- https://static.usrfiles.com/ugd/b8c837_70c277f22ac2468082653bf955e79bc0.pdf
- https://static.usrfiles.com/ugd/b8c837_eb86dd28dddd431db3c7d90919001e36.pdf
- https://static.usrfiles.com/ugd/b8c837_3b80ef9bd19149168cb1e1563c759c2e.pdf
- https://static.usrfiles.com/ugd/b8c837_fdac5216c419411fbf86e9ccc374eabb.pdf
- https://static.usrfiles.com/ugd/b8c837_b576d709000b491d8c8a9ee063ba444f.pdf
- https://static.usrfiles.com/ugd/b8c837_1866dd4e82ba4919bbc9956aab0c2f54.pdf
- https://static.usrfiles.com/ugd/b8c837_2cef71c938cc471db271b92371283acb.pdf
- https://static.usrfiles.com/ugd/b8c837_1bb2aa7339834f3a8358bd9568f5b3e9.pdf
- https://static.usrfiles.com/ugd/b8c837_1bb02df74e0c4388b2052b7cbe492e65.pdf
- https://cdn.shopify.com/s/files/1/0430/4338/9597/files/darasewepiwebavuto.pdf
- https://cdn.shopify.com/s/files/1/0429/5216/3481/files/sikaxilovogikikotokiginag.pdf
- https://cdn.shopify.com/s/files/1/0447/6433/2181/files/knife_party_give_it_up.pdf
- https://cdn.shopify.com/s/files/1/0438/8398/7096/files/foludinagumuzazoxad.pdf
- https://cdn.shopify.com/s/files/1/0430/9952/1185/files/logo_game_answers_level_1_ea.pdf
- https://cdn.shopify.com/s/files/1/0428/9177/2063/files/25130249156.pdf
- https://cdn.shopify.com/s/files/1/0432/1899/3320/files/kefisi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000059aa.bind8b058ae5d2139eaf527afd5d2b587828e19074edfb89149b5c1b5a3c129e08d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x59AA | 5676 bytes |
font_01_sfnt_off00006cef.bin80dfd51a75e625a2ec59b7e60bc8a4c22e606e1bdf240b22d1925f2bf88fef23 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CEF | 9976 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.