Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to its inclusion of a link to a known malicious redirector. It also contains a large number of external PDF links, a technique often used for SEO manipulation or to host further malicious content. The document body contains garbled text and URLs, reinforcing the malicious nature of the file.
Heuristics 3
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=pranayama+breathing+meditation
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_006_off0000cf90.bin 38a1bf87956b42eacb9885628b4223c1012513a50c44cc345af815aa9e652523 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xCF90 | 6156 bytes |
| font_00_sfnt_off00008e82.bin 1273a16eceda4972b5f66fab72da68638e765945f8db6bb6f540dd54c828464e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E82 | 5272 bytes |
| font_01_sfnt_off0000a036.bin eb903a4bcabb0673128613fc2c6a3b3be6b6be0204d11159aa2f590e1d82ee93 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA036 | 3740 bytes |
| font_02_sfnt_off0000abaf.bin 4b01c796763824e74583e61833505fe5dc21ceb16d4910eb87f2678cb90aa165 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xABAF | 10444 bytes |