MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF file contains a link to a known malicious redirector, ttraff.com, disguised with a seemingly innocuous keyword. This suggests a phishing or social engineering attempt to redirect the user to malicious content. The PDF also contains a large number of external links, many pointing to static.usrfiles.com, which is flagged as a link farm. The document body, though heavily obfuscated, contains the target URL and references to cultivation, likely as a lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=black+gram+cultivation+pdf+in+tamil+nadu
- https://static.usrfiles.com/ugd/b8c837_13ee047d00e046cb88a652344cdcc94e.pdf
- https://static.usrfiles.com/ugd/b8c837_41f77f6964174f279e88c00b328106d1.pdf
- https://static.usrfiles.com/ugd/b8c837_39d35689cf7343b5be459bd2bf20f237.pdf
- https://cdn.shopify.com/s/files/1/0434/7386/2808/files/52537487387.pdf
- https://cdn.shopify.com/s/files/1/0434/1714/1415/files/anforme_economics_b.pdf
- https://cdn.shopify.com/s/files/1/0433/4492/0734/files/25247450055.pdf
- https://cdn.shopify.com/s/files/1/0438/9509/5464/files/beach_buggy_blitz_hack_version.pdf
- https://cdn.shopify.com/s/files/1/0437/7817/9221/files/7603298418.pdf
- https://static.usrfiles.com/ugd/3f0e57_0192092ac6074ed49a8df227d3679ed3.pdf
- https://static.usrfiles.com/ugd/451461_cc5254447eab42db827478f1519d6faa.pdf
- https://static.usrfiles.com/ugd/b8c837_0f3b9c2cb1cd470db88665cd18bc7821.pdf
- https://static.usrfiles.com/ugd/63d3ad_6a6502d158a54a488e5bfb25d012d687.pdf
- https://static.usrfiles.com/ugd/5899d5_aed85c23b84843f28f94ef12a95d46bd.pdf
- https://static.usrfiles.com/ugd/45e30f_6eb251c8d08247a79d38b9aacdd28f87.pdf
- https://static.usrfiles.com/ugd/cfbfd2_6dd8a7fbb198484db591ab6d48a61e71.pdf
- https://static.usrfiles.com/ugd/b8c837_7c4bcfd4219a421899f64d8d8e73d6f7.pdf
- https://static.usrfiles.com/ugd/7dd30d_f1f1bec6e2414f30a1ed00cd2eb8bd80.pdf
- https://static.usrfiles.com/ugd/b8c837_d952017713bc475385a68baaf43b0e80.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000064be.binc9da5cc32acedba7da6344f6e2e36f6d65b643934796a05e1bb5c174171c0ef3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x64BE | 5232 bytes |
font_01_sfnt_off00007674.bin02862efb6fd64d4d3dfbce04fb073e14d75200ab5878b7203fa64d98d4443861 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7674 | 10448 bytes |
font_02_sfnt_off00009a50.bin4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A50 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.