MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF triggers multiple heuristics indicating malicious redirection and a link farm. The document body, though heavily obfuscated, contains a URL that matches one of the extracted malicious links. The 'MFA / one-time-code harvesting lure' heuristic suggests the intent is to phish for credentials or session tokens. The primary malicious URL identified is https://ttraff.club/pify?keyword=smart+assessor+app.
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- MFA / one-time-code harvesting lure (high, SE_MFA_LURE): Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/pify?keyword=smart+assessor+app
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000078ed.bin 6468e9b403bf35d67b0581fb258b6ac96af3dc66eedb1c4c507c32bcef84841e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x78ED | 5036 bytes |
| font_01_sfnt_off000089f0.bin 5cd9cf35c314df273809efecc1378965710ce09dc275b7c140f18e81c7905bc8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x89F0 | 10340 bytes |