Verdict: MALICIOUS
Risk Score: 120

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains the URL 'https://ttraff.me/wix?keyword=best+japan+guided+tours' which is flagged as a malicious redirector. The presence of numerous links to static.usrfiles.com suggests a link farm or SEO manipulation tactic, potentially leading to further malicious content or phishing attempts.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=best+japan+guided+tours
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006d4d.bin | 74bed8f06132758a937051d8f72c3603a95c7a8c41858915888dff5a9b3dbebb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D4D | 5220 bytes |
| font_01_sfnt_off00007f22.bin | d0e51bb66cfd995167ca8533975cbe83878d666cca8f01cf6afc32938c11877e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F22 | 9776 bytes |
| font_02_sfnt_off0000a0d2.bin | b6527b3b9d967c2b0b3a14ae4887ea8f525d01b44e738925d213e253ca29b187 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA0D2 | 16868 bytes |