Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link disguised as a download for an Android application, which is a common social engineering tactic. The primary link points to a known malicious redirector, likely intended to lead the user to a malicious site or download. The PDF also contains a large number of embedded links, many of which point to the static.usrfiles.com domain, suggesting a link farm or redirection strategy.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_005_off00008b2d.bin 215b29a0afbd64dc84c41b6b92d2b5faa0eccaa9e053795bd58b7e49bd5cd753 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8B2D | 17204 bytes |
| font_00_sfnt_off00005647.bin cd3c0c6aa0c858ea1e53093d75ce712ea050056f497a77ed2a9dacfd950e58e2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5647 | 5072 bytes |
| font_01_sfnt_off0000676d.bin 4a13c5570c3661f8f6a0e7e3b618f19af0a3203e7288be72bd9fbc957436e2b9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x676D | 10376 bytes |