MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF file contains a significant number of embedded links, with at least one identified as a malicious redirector. The primary malicious URL, 'https://ttraff.me/wix?keyword=langrisser+guide+hero', is likely used to lure victims to a compromised site. The presence of a large link farm suggests an attempt to game search engine results or distribute malicious content broadly.
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: https://ttraff.me/wix?keyword=langrisser+guide+hero
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007651.bin 1a8199eac86e25978df01770df6efc15d10ad9a4ef0ef79c9b1779835f339724 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7651 | 4996 bytes |
| font_01_sfnt_off00008749.bin 51a9038dc569fa354b767cf9ba2dd86b5f091a608dd3fad3a67a39bb464dbbd7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8749 | 10632 bytes |