Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic identifying it as a PDF link farm designed to redirect users. One prominent URL, 'https://ttraff.ru/wix?keyword=hong+kong+weather+report+10+day', is flagged as a malicious redirector. The document body, though heavily obfuscated, contains text related to weather reports and includes this malicious URL, suggesting a lure to drive traffic to malicious infrastructure.
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Flagged URL: https://ttraff.ru/wix?keyword=hong+kong+weather+report+10+day
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006398.bin | 913957cac33fd90a354c4f803fe5f9db65570401f2c99543ef7451e47a3543cb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6398 | 5424 bytes |
| font_01_sfnt_off00007621.bin | 5cf7bf29411e3c7e8eecd132d4ce73377fb3fb62076496296bb93b0c9735e321 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7621 | 10288 bytes |