MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass of external links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to insurance and the malicious URL. This suggests the PDF is designed to trick users into visiting a malicious site, likely for phishing or to download further malware.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=hausratversicherung+huk24+test
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000071c4.bin 6fda0ca2032cdcc5d27a6d8c845032873ff75b1a90d9af3d53abc1b71c5c7914 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71C4 | 5336 bytes |
| font_01_sfnt_off000083f0.bin 2a3e16b015b09a358154478e4dcb291ad521783a59dfa51d82aaa5ce7d29b220 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x83F0 | 11456 bytes |