MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a prominent link disguised as a download button, directing users to a URL associated with malicious redirector infrastructure. The document body text explicitly mentions downloading an 'adobe pdf reader installer', which is a common lure for malware distribution. The presence of a large number of external PDF links further suggests a SEO-based link farm designed to attract unsuspecting users.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=download+adobe+pdf+reader+10.1.3+offline+installer
- https://static.usrfiles.com/ugd/a1fb72_315915015fc54fae920be10dc60461b4.pdf
- https://static.usrfiles.com/ugd/822ecd_e5d265c31db04e548ce6e81a0099b07f.pdf
- https://static.usrfiles.com/ugd/b8c837_ac9312f5205b4856a04b1b900453e37e.pdf
- https://static.usrfiles.com/ugd/cbdbb6_b956f05d2bc44f93b88e3e85a10baa7c.pdf
- https://static.usrfiles.com/ugd/b8c837_84925f555f054e87bcf7bacf60537fb1.pdf
- https://static.usrfiles.com/ugd/b8c837_5706dc71ac81497597232a735f013d13.pdf
- https://static.usrfiles.com/ugd/89363e_5d801e09c8524ebfa5ccd63d2c982b5f.pdf
- https://static.usrfiles.com/ugd/b8c837_953abfedc7f847508b178af1a1249c75.pdf
- https://static.usrfiles.com/ugd/b8c837_f233452c5c7f4ad3997400f5b8f625a5.pdf
- https://static.usrfiles.com/ugd/238140_b3ac2ae19ae940e495abce189cced4f4.pdf
- https://static.usrfiles.com/ugd/b8c837_d03c5b973cf44b979260c8ccfe8d9224.pdf
- https://static.usrfiles.com/ugd/b8c837_3b2b1b066dc141a9bbc45e3bdc29363e.pdf
- https://static.usrfiles.com/ugd/d3758e_c6e54640dd86429298885649d21f167f.pdf
- https://static.usrfiles.com/ugd/7e0eb0_05298978d64d4afdb13c21ebff2b13e8.pdf
- https://static.usrfiles.com/ugd/76156b_c950b686e2c444e0b1058e8a9b95cfff.pdf
- https://static.usrfiles.com/ugd/cb2bed_821d0a31c85941358dacf570332c47bc.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000063a5.bin7afb401f85ff988233daf2a6cde69688ea7f3bc5da984cf815c0f85e8076bcc8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x63A5 | 5656 bytes |
font_01_sfnt_off0000770a.bin2630a59b74948291126104b7051f6e34169a22564c50995308b546d818770abb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x770A | 10112 bytes |
font_02_sfnt_off000099db.bin814af6ed012a992c32226250d6387d0998b1b61b623dbf162780ccc5ea4148f0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x99DB | 17100 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.