MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to external resources. One critical heuristic identified a link to a known malicious redirector, specifically `https://ttraff.club/pify?keyword=bloons+tower+defense+5+android+apk`, which is designed to lure users into downloading potentially harmful content. The document body, though heavily obfuscated, also contains this URL and other links that appear to be part of a link farm, suggesting a social engineering tactic to distribute malware or lead users to phishing sites.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/pify?keyword=bloons+tower+defense+5+android+apk
- http://tunuragu.apextravelogue.com/uploads/1/3/2/8/132814956/0f32dbbbc.pdf
- http://suriraz.basilyates.com/uploads/1/3/1/6/131606457/623440.pdf
- http://remafofos.wasbc.net/uploads/1/3/2/3/132303307/vawilorexizel_jitagobesorikuj_tamitulaje_tamovonepalurub.pdf
- http://files.effective-leadership.com/uploads/1/3/2/8/132814306/894129d2653231.pdf
- http://files.bradleylloydteach.info/uploads/1/3/0/7/130739351/1308313.pdf
- https://61027a1f-e5f7-4e11-83a3-9b799167df04.filesusr.com/ugd/b52961_e1e4bbc1e58245ee85d55c1a9e22b249.pdf?index=true
- https://796727c4-29a7-41a1-b4af-0ce2b22d8cc9.filesusr.com/ugd/5f5755_04c4e21ac0fb4723827ef766234dee9b.pdf?index=true
- https://071f7135-7594-462d-a4ff-e0a98698138d.filesusr.com/ugd/6cf0f5_fa3c49d65a6c465fbcc6240a045a4f21.pdf?index=true
- https://b812347d-34b1-46dd-ab44-f813a15eb042.filesusr.com/ugd/941881_177beba548464f7a9e64a8174174d2fd.pdf?index=true
- https://cdn.shopify.com/s/files/1/0435/8632/2600/files/gigarokigamuw.pdf
- https://cdn.shopify.com/s/files/1/0431/4791/9516/files/acupuncture_meridians_chart.pdf
- https://cdn.shopify.com/s/files/1/0431/2465/4241/files/watch_bride_wars_online.pdf
- https://cdn.shopify.com/s/files/1/0434/5797/0329/files/enseanza_aprendizaje_segun_autores.pdf
- https://cdn.shopify.com/s/files/1/0440/7256/6936/files/autodesk_360_field_android.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000609e.binfcb39f195e76921d97e9cb3d4f1def81edfa92638c628533136d24b020e32e06 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x609E | 5364 bytes |
font_01_sfnt_off0000730b.bin1232c16b0dc80f676314ca36a93ccf54476a49c556433c67059513de83bc605f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x730B | 10104 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.