MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to malicious infrastructure. The document body, though heavily obfuscated, contains the URL https://ttraff.cc/pify?keyword=jawbone+up+move+user+manual+pdf, which is likely used as a lure. Another critical heuristic, PDF_SEO_LINK_FARM, indicates the PDF contains a large number of external links, predominantly to static.usrfiles.com, suggesting a broad distribution or SEO poisoning tactic. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=jawbone+up+move+user+manual+pdf
- https://static.usrfiles.com/ugd/e4ff69_5b9d51750b1a42059d19b83ad636c95c.pdf
- https://static.usrfiles.com/ugd/b8c837_660b14e04af94f5cbbb47d4e424fedcc.pdf
- https://static.usrfiles.com/ugd/bd1c09_4b7e976037744f3b9e38f646c9ff3052.pdf
- https://static.usrfiles.com/ugd/455f95_c142658dbca34d7fb03f192c4e30cbf4.pdf
- https://static.usrfiles.com/ugd/b8c837_202350c6c4b54632af88f8da9d74f51a.pdf
- https://static.usrfiles.com/ugd/77d535_f09f6b3c75aa435380c7454e010b5ef8.pdf
- https://static.usrfiles.com/ugd/0511f5_e2207d815b5341998de691e0fc2f2cbc.pdf
- https://static.usrfiles.com/ugd/0adedf_2fa1dc9702d34bab9f1ecae69c8738f1.pdf
- https://static.usrfiles.com/ugd/6166c9_a46f4537a6c34dc3be03918546a236e6.pdf
- https://static.usrfiles.com/ugd/b8c837_809096bc45d647aabe6144a7a1001dca.pdf
- https://static.usrfiles.com/ugd/3aee12_89fe9f99fef44e0dafc9c2bfd12f05ac.pdf
- https://static.usrfiles.com/ugd/b8c837_39b8b4365f7e4d7295fc93e10f219f40.pdf
- https://static.usrfiles.com/ugd/0511f5_3098446aaaff4cc5927f826a4df4c43a.pdf
- https://static.usrfiles.com/ugd/b8c837_e0ed17b457614172a03d70b814528e65.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000057db.bina3e27a9b2b7b3557dfba8552b82aaad6f0c8e5ed8b654e51fe21c35ad9e70417 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x57DB | 5468 bytes |
font_01_sfnt_off00006a6e.bin1c1946ec3c3ccc7aae5f1daf2ef9ae9db14380af5e6aac43241e49c273d38eec |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A6E | 9956 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.