MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1200 Hardware Add-Override
The PDF contains a mass of external links, including a critical link to a known malicious redirector at https://ttraff.club/wix?keyword=game+dev+story+direction+guide. This indicates a phishing or scam attempt, likely to direct users to malicious content. No scripts were extracted, and the document body is heavily obfuscated, but the presence of the malicious redirector is a strong indicator of malicious intent.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL:
- https://ttraff.club/wix?keyword=game+dev+story+direction+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000626a.bin (3462cc15510ea8f7a67b97df5f48857abdddf89995352ff54cb7a27ca3e1cde0) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x626A | 5420 bytes |
| font_01_sfnt_off000074d9.bin (eb231892eba0abcd9a30872d84b73e5a20f217ed4a129419385e89cbbe7e1c19) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x74D9 | 10588 bytes |