Verdict: MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1200 Hardware Add-in
- T1059.001 PowerShell
The PDF file contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to a known malicious URL. Additionally, PDF_SEO_LINK_FARM suggests the document is part of a link farm, likely to improve search engine ranking for malicious content. The primary IOC is the malicious redirector URL, which is designed to lead users to further malicious content.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=bloons+tower+defense+4+vendzor+games
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005af9.bin (hash: 2e2e1076226c21b5f67505990939eb7e5df8a9f260c4751b4869b6696c1819ce) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5AF9 | 5568 bytes |
| font_01_sfnt_off00006e04.bin (hash: 4ff0e88e39828d9199bea3ac4b08b8f881bf54d5a05ad2e4d56ce3efd21d2663) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E04 | 10628 bytes |