MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic specifically identifying it as a 'PDF_SEO_LINK_FARM'. The primary malicious URL, 'https://ttraff.ru/wix?keyword=porque+amamos+helen+fisher+gandhi', is flagged as a malicious redirector. The document body, though heavily obfuscated, also contains this URL and numerous other links pointing to 'static.usrfiles.com', suggesting a coordinated effort to distribute malicious content through a link farm.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=porque+amamos+helen+fisher+gandhi
- https://static.usrfiles.com/ugd/b8c837_2f89acf1dc964d64bbb991bcf2a82451.pdf
- https://static.usrfiles.com/ugd/b8c837_9c29b7e70c884c9f9c1d1b44e6d7cdb0.pdf
- https://static.usrfiles.com/ugd/b8c837_04c8d2ed750348cc964112c5802ceda1.pdf
- https://static.usrfiles.com/ugd/b8c837_e7493162631d4435b092bae9165f26ed.pdf
- https://static.usrfiles.com/ugd/b8c837_964d35a497eb428086be5af45f294145.pdf
- https://static.usrfiles.com/ugd/b8c837_2340e696f5dc42019d3008791caf6d4b.pdf
- https://static.usrfiles.com/ugd/b8c837_c5576bb4e82e473a9abac39e90c939a7.pdf
- https://cdn.shopify.com/s/files/1/0433/3522/1403/files/achenbach_child_behavior_checklist.pdf
- https://cdn.shopify.com/s/files/1/0429/2490/0515/files/guzisopojesadimu.pdf
- https://cdn.shopify.com/s/files/1/0431/2019/7789/files/13573505715.pdf
- https://cdn.shopify.com/s/files/1/0431/4087/4408/files/xitufegamorujenatevuvu.pdf
- https://cdn.shopify.com/s/files/1/0430/7959/8229/files/tagulafagogowav.pdf
- https://static.usrfiles.com/ugd/b8c837_04040f7608d74a0495fb67801fd37b0b.pdf
- https://static.usrfiles.com/ugd/b8c837_b3b49f95a5c642d592cd8b27a3dfc7db.pdf
- https://static.usrfiles.com/ugd/b8c837_90e543a84ac842c8b8da92c186c818f7.pdf
- https://static.usrfiles.com/ugd/b8c837_5707c12e29d44e2ba63198a333392d98.pdf
- https://static.usrfiles.com/ugd/b8c837_c274e91da040459b9796b3f7d95bebb5.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000496a.bine4595a38e08961cc4c86f2b0a7c964abdc24a90c0406a8806fa11fda717f5044 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x496A | 5448 bytes |
font_01_sfnt_off00005bc5.bin26cdbcd57449eaf26518fcb47b9f61d2ba5c13cd6eb104b49a6bfdf87b883bab |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BC5 | 9924 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.