MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1200 Hardware Addends
The PDF file contains a significant number of embedded links, identified as a PDF link farm. One of these links, 'https://ttraff.me/wix?keyword=batman+trilogy++in+tamil', points to known malicious redirector infrastructure. The presence of a visual download button lure further supports a malicious workflow. The document body is heavily obfuscated and contains the malicious URL, indicating an attempt to lure users to a harmful site.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=batman+trilogy++in+tamil
- https://static.usrfiles.com/ugd/d5cf39_bd3a900dccf042f983f48eae4131b35d.pdf
- https://static.usrfiles.com/ugd/ee6770_9bc5fc7068bd44a3a16fdb930a959352.pdf
- https://static.usrfiles.com/ugd/0b1cf2_d85694545cf64e788359cd785652d357.pdf
- https://static.usrfiles.com/ugd/4bb894_68af6ac8d07b48c0aa5c1d620b126823.pdf
- https://cdn.shopify.com/s/files/1/0431/1502/0449/files/kexewovuwapozukuse.pdf
- https://cdn.shopify.com/s/files/1/0454/2945/7064/files/tukimifenewoxidiwi.pdf
- https://cdn.shopify.com/s/files/1/0439/8107/8686/files/4546810812.pdf
- https://cdn.shopify.com/s/files/1/0434/1635/4978/files/86180662943.pdf
- https://static.usrfiles.com/ugd/90423f_516cffd725064a9eb1adf11105789011.pdf
- https://static.usrfiles.com/ugd/4e6dd5_649b3dfc72d248e99da3e1b63f5023fd.pdf
- https://static.usrfiles.com/ugd/b8c837_8b22e770c55d452cae69fb64fe715b82.pdf
- https://static.usrfiles.com/ugd/e2c6c1_be1420e406e04185857773ca2fbfb7e0.pdf
- https://static.usrfiles.com/ugd/b4a829_471b794be6414c108da8072ebbfbc11b.pdf
- https://static.usrfiles.com/ugd/e33828_a9d97f3775204fe199ec268840d6d2fa.pdf
- https://static.usrfiles.com/ugd/b8c837_5f60a37f7f08492e8341dd04e2b8b9e7.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000062bd.bin7124583323bcac9812ed6909d0e5d7cf743b39e50f8848d907eec136aee203a1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x62BD | 4980 bytes |
font_01_sfnt_off0000739a.bindbaab8dcf32bfe64cb008f34eb54f5316f62236e8dffe3de49b44225404383a5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x739A | 2656 bytes |
font_02_sfnt_off00007e98.bin19d579821e83c32cd478aefcb57f849508ece8625c42f2108810477b29a00d2f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E98 | 1936 bytes |
font_03_sfnt_off000087de.bind9d98894d0b32419da8b284b6153fe82d157674689c07767422d4a7ea9cfacf3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x87DE | 10612 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.