Verdict: MALICIOUS (Risk Score 120)
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.cc/wix?keyword=agave+americana+medicinal+uses+pdf'. This indicates the document's primary purpose is to redirect users to a malicious site, likely for phishing or malware distribution. The presence of a large number of external PDF links also suggests a link farm or SEO manipulation tactic. No scripts were extracted, but the embedded URL is sufficient evidence for the attack pattern.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs include:
  - https://ttraff.cc/wix?keyword=agave+americana+medicinal+uses+pdf
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00007838.bin | 7b7182ecc18a376c163964379163d93a58cc87dad9d4632fead23ce5ecbe514a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7838 | 5216 bytes |
| font_01_sfnt_off000089df.bin | 91b2fc876b501ac8c9153e356c15baa8e6de42e040d3fb9afe9b6664910250c4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x89DF | 15684 bytes |
| font_02_sfnt_off0000b988.bin | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB988 | 4324 bytes |