MALICIOUS (Risk Score: 140)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/pify?keyword=cisco+catalyst+2960x-+48ts-+l+datasheet'. Additionally, another critical heuristic indicates a PDF link farm hosted on 'static.usrfiles.com', suggesting an attempt to generate traffic or distribute content. A medium heuristic also flags a callback phishing lure, consistent with social engineering tactics. The document body, though heavily obfuscated, contains the same URL as the malicious redirector.
Heuristics 4

PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.

Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.

Callback phishing phone lure [medium] SE_CALLBACK_LURE
Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.

Embedded URL [info] EMBEDDED_URL
One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.club/pify?keyword=cisco+catalyst+2960x-+48ts-+l+datasheet
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000116c9.bin (eb9bd3dcc88b275b7ae396ca1cdbde3c69d6ca825c8bb93eb7f519760ec36376) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x116C9 | 5904 bytes |
| font_01_sfnt_off00012af0.bin (7a2ec8da98a0d8e0a1311855d0791522cdcc87634c21656228e9e1e191997749) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12AF0 | 17076 bytes |