MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
A heuristic fired on the PDF file indicating that it links to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains a URL that matches the one identified by the heuristic. This suggests the document's primary purpose is to trick users into visiting a malicious site, likely for further exploitation or credential harvesting.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wb?keyword=chapter%2015%20accounting%20answers%20pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0001f1d0.bin | 883d02d6678b90c361bf426676bceb45579151860fce6b2f634b4ab1b76ccc4b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F1D0 | 5556 bytes |
| font_01_sfnt_off000204c7.bin | baa3e986df240651f6de6d786c6badd161cf5f71cd3388976ecad1896ea1c686 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x204C7 | 15676 bytes |