MALICIOUS
168
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains embedded links, with one specifically identified as a malicious redirector. The document body and heuristic firings indicate a lure for an advance-fee scam, presenting a fake 'advance payment approval format'. The primary malicious IOC is the redirector URL, which likely leads to a phishing or scam page. No scripts were extracted, and the PDF structure itself is the delivery mechanism.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=advance+payment+approval+format
- https://static.usrfiles.com/ugd/b8c837_ddb5693a4e1948ef990733007f7e0f32.pdf
- https://static.usrfiles.com/ugd/8cbfce_cc318e8e1a4249d5ab516bdb1f2dde44.pdf
- https://static.usrfiles.com/ugd/be19e1_b21172fcdf054fd9a437564611c5e2dc.pdf
- https://static.usrfiles.com/ugd/b8c837_d11437a55e144f4ba2404a42807a9aa8.pdf
- https://static.usrfiles.com/ugd/271e65_0f490f4541e94ba19e868b1205ba9891.pdf
- https://static.usrfiles.com/ugd/b56239_e579379bc14c423bacb6b5f6715e62f9.pdf
- https://static.usrfiles.com/ugd/8127dd_07c49696e17d4270b97d3bd4189eca73.pdf
- https://cdn.shopify.com/s/files/1/0431/5381/7749/files/kuppathu_raja_2019_tamil_movie.pdf
- https://cdn.shopify.com/s/files/1/0459/8146/6791/files/bach_art_of_fugue_sheet_music.pdf
- https://cdn.shopify.com/s/files/1/0430/3673/7699/files/wusosapamuginom.pdf
- https://cdn.shopify.com/s/files/1/0432/8026/9462/files/girizik.pdf
- https://static.usrfiles.com/ugd/b8c837_9babca9598b14045ad3889e6a2fec3ae.pdf
- https://static.usrfiles.com/ugd/e481ce_f4f20f7d16d8451688c9d9fe356c7bb7.pdf
- https://static.usrfiles.com/ugd/7041e4_de5983df92f3475eb007580c9bae2ee5.pdf
- https://static.usrfiles.com/ugd/769f78_8109b048f23e41c389dd06c1f514783e.pdf
- https://static.usrfiles.com/ugd/c0a468_acd69dc88b53494eafc4e95202ffb885.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005dbc.binbd01d9d4e4e3fccfe294dca545b2deaa823c26cf6077a1e016f643abe6393890 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DBC | 5276 bytes |
font_01_sfnt_off00006faa.bin55ae5f2893c5e46abc204d6b26ff6acd957b66793b72bb1867e618fd0e424602 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FAA | 11012 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.