MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1200 Hardware Add-in Systems
The PDF file was flagged for containing a malicious redirector link and a mass external PDF link farm. The embedded URLs, including 'https://ttraff.club/pify?keyword=bodies+of+water+in+canada' and 'http://pimuwilik.authornicoleedwards.com/uploads/1/3/2/6/132681670/togelatefi.pdf', are indicative of a phishing or malware distribution campaign. The document body, though heavily obfuscated, contains these URLs, reinforcing their malicious intent.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://ttraff.club/pify?keyword=bodies+of+water+in+canada
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000068cd.bin `fb82948e3d272a88db9d14b955c69818dfb50f9be4682f4a6c30e197ef5e1e6b` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x68CD | 4912 bytes |
| font_01_sfnt_off0000799c.bin `29481ab1b4f9f10425794f8c33d677a64c9b96c51630b4a010f0bd7e2eb48e96` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x799C | 15028 bytes |
| font_02_sfnt_off0000a7e9.bin `1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7E9 | 4324 bytes |