MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link that is identified as a malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure for a 'bteb routine 2019' and includes the malicious URL. The presence of a 'download button' heuristic further supports the social engineering aspect of this attack. The file is likely designed to redirect users to malicious content via the identified URL.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/pify?keyword=bteb+routine+2019
- https://static.usrfiles.com/ugd/a891c0_52a6c64691c84140b03a22253d88f4a8.pdf
- https://static.usrfiles.com/ugd/2ac701_6446dcb021684e4a9a811db736ebaba1.pdf
- https://static.usrfiles.com/ugd/0dd040_32e719591d9749a2a7949cda677fe594.pdf
- https://static.usrfiles.com/ugd/a107db_50f188386c334a67bdc369e2e4e9d169.pdf
- https://static.usrfiles.com/ugd/286fb8_c68d6b7654f44ae8bf2fbc717cf96a60.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/89709194360.pdf
- https://cdn.shopify.com/s/files/1/0435/6482/6783/files/zanoxefaraxudo.pdf
- https://cdn.shopify.com/s/files/1/0436/4101/2377/files/dutiwo.pdf
- https://cdn.shopify.com/s/files/1/0434/4659/9845/files/pisakag.pdf
- https://cdn.shopify.com/s/files/1/0432/2649/7182/files/resolipipixevavuxevo.pdf
- https://static.usrfiles.com/ugd/769f78_8d86554b3a5446408c72cfff94f91409.pdf
- https://static.usrfiles.com/ugd/b8c837_2f6107fba7ee425ba769464669ef6d58.pdf
- https://static.usrfiles.com/ugd/451461_50b7be0ea1c448338158030e6554c252.pdf
- https://static.usrfiles.com/ugd/143c98_fb0229c0fe3a45c08a6545cf5897ee57.pdf
- https://cdn.shopify.com/s/files/1/0439/4686/8891/files/cover_letter_template_for_primary_teacher.pdf
- https://cdn.shopify.com/s/files/1/0450/0871/5940/files/agneepath_songs_deva_shree_ganesha_pagalworld.pdf
- https://cdn.shopify.com/s/files/1/0433/9784/1054/files/57841790411.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066b9.binf0760a6e348fae26de5488c0374ca5a0c00923ce9b4010685961aea4c724dc23 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66B9 | 4932 bytes |
font_01_sfnt_off00007796.binbae5befc27dbb42ed38e4272e38cc734684bd6f904129a0a36199a4745e8d9cb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7796 | 10820 bytes |
font_02_sfnt_off00009ad7.binbe7cc611dd9a1959798a4a662bc9a1bebaadd238346a09b1142a487c0f61e993 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9AD7 | 10044 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.