Malware Insights
The PDF file contains a link to a known malicious redirector, which is designed to lure users to potentially harmful websites. The document body, though heavily obfuscated, contains text related to tax services and a URL that appears to be part of an SEO link farm strategy. The presence of numerous embedded links, many pointing to benign-looking PDF files, suggests an attempt to disguise malicious activity within a large number of links. The primary malicious URL is https://ttraff.club/wix?keyword=lindley%2527s+tax+service+stafford+tx+77477.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=lindley%2527s+tax+service+stafford+tx+77477
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004945.bin (84811bd390212d9c29db9f37c757a95e2cf51ae68eef10fd70733a1ffd0ab4c8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4945 | 5388 bytes |
| font_01_sfnt_off00005bd3.bin (bd611ebe7c8fb872596b04f275d2b45691ce779b3aa00605ba4a39c508d05fca) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BD3 | 10356 bytes |