MALICIOUS (Risk Score: 128)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link disguised as a download button, aiming to trick users into clicking it. This link, 'https://ttraff.cc/wix?keyword=solidworks+2014+free+download+with+c', leads to known malicious redirector infrastructure. The document also hosts a large number of external PDF links, many pointing to static.usrfiles.com, suggesting a link farm or SEO poisoning tactic to improve search engine ranking for the malicious lure.
Heuristics 4
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=solidworks+2014+free+download+with+c
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005ff3.bin fbf750e12db7acf886436a3be263cefbaff646cf24c6c85694262c12f6b0f1e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FF3 | 5572 bytes |
| font_01_sfnt_off000072ec.bin 5fc68a20dd5f2b331cdef870b93674797975c7dace2ce7785cbd9b41548bbd23 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72EC | 10500 bytes |
| font_02_sfnt_off000096dd.bin 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x96DD | 4324 bytes |