MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link that redirects to a malicious domain, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains the same malicious URL and appears to be part of a link farm designed for SEO poisoning, as indicated by the PDF_SEO_LINK_FARM heuristic. The presence of a 'download' button lure further supports a social engineering attack.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=canon+lide+120+scanner+setup
- https://static.usrfiles.com/ugd/e6092c_9e5d046be4f4462a93cabb06ffbc9f5d.pdf
- https://static.usrfiles.com/ugd/1da05d_b0329f3474e544ec9063b0febf595606.pdf
- https://static.usrfiles.com/ugd/fb83f1_0af2f8a5324944c183a6fef98d7946d3.pdf
- https://static.usrfiles.com/ugd/a2c2bc_ffb28bc2e72b44ba9c221aed02bb0500.pdf
- https://static.usrfiles.com/ugd/7598fa_bffd3c3cf5fd4d488726d54094b4f3dc.pdf
- https://static.usrfiles.com/ugd/82e28d_0d994062b4be4eedaf421889634358e0.pdf
- https://static.usrfiles.com/ugd/b0cd75_ec0174d74fb7408b82bea31a577bb89e.pdf
- https://static.usrfiles.com/ugd/63d3ad_aeaeebcccd434f9d88b64e67785a4abb.pdf
- https://static.usrfiles.com/ugd/3be3a7_feb189aaf8244ce88a92b8ca02643c30.pdf
- https://static.usrfiles.com/ugd/55f640_9673522d23a84652a5976e0efba2833d.pdf
- https://static.usrfiles.com/ugd/ce77c6_39acffe7f67447f6a0f9d0950b1d3eca.pdf
- https://static.usrfiles.com/ugd/3eed2b_75dd235439e94630a441063c64b1e1cc.pdf
- https://static.usrfiles.com/ugd/4d935e_70b1c08e592c4f9986f441acfb776f48.pdf
- https://static.usrfiles.com/ugd/345929_f104e96099914cff9fc9b22bd5c249b0.pdf
- https://static.usrfiles.com/ugd/fc840b_a76099853b1d4b71bc1fec1770dea507.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000062fe.bina3f39f30c6eb1d39b54dd0b0d4f74c4cb7b4b46c785be36cc07572997d2720b1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x62FE | 5296 bytes |
font_01_sfnt_off0000750d.bincb87c33a9e0ae4be94dd68c794d8f63385fa2e56769c49a390890d4450455aba |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x750D | 10124 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.