MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF document contains a mass of external links, masquerading as a "Lexus is250 manual pdf" to deceive users. One critical heuristic indicates a link to known malicious redirector infrastructure at ttraff.com. The document body itself is heavily obfuscated but contains references to the malicious URLs. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=lexus%20is250%20manual%20pdf#lexus+is250+manual+pdf
- http://files.lisamccafferty.com/uploads/1/3/1/3/131383664/bamibitamurata.pdf
- http://files.whitegallowaysofwayby.com/uploads/1/3/0/8/130873907/fewubogukobavel-sixomolimu-mifip.pdf
- http://files.jemun.net/uploads/1/3/1/4/131437538/zimef-pafitakimu-kazuwapofi-xefulogekasa.pdf
- http://files.companionsofchrist.org/uploads/1/3/0/9/130969375/3234800.pdf
- http://files.rhythmresearchresources.net/uploads/1/3/1/6/131606127/gelizoxi-mevep-xuzumifam.pdf
- http://files.bonneygirlphotography.com/uploads/1/3/2/6/132681204/sapoxorufewodod.pdf
- http://files.fnaq.org/uploads/1/3/0/9/130969944/nivubuluro.pdf
- http://files.mhecblacon.com/uploads/1/3/1/4/131437351/vasak.pdf
- http://files.omanroadshow.com/uploads/1/3/0/7/130776841/kasulojemuv.pdf
- http://files.medfieldheightspto.com/uploads/1/3/1/0/131070190/joridesaz.pdf
- https://xazipadetex66456909.files.wordpress.com/2020/06/51314836334.pdf
- https://xitesino.files.wordpress.com/2020/06/xebarerikasurinufofusaxo.pdf
- https://nuvosunogad.files.wordpress.com/2020/06/xazujefemumuweru.pdf
- https://wumudatimi.files.wordpress.com/2020/06/19222250116.pdf
- https://dolixojov.files.wordpress.com/2020/07/32480367599.pdf
- https://nogikejaruk.files.wordpress.com/2020/06/minol.pdf
- https://gakijisib.files.wordpress.com/2020/06/niregesugitivaxovozig.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000eecd.bin043c511af9470930715aa0a1f804753b64d00d10887198c3301b41ed716f61d9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEECD | 13140 bytes |
font_01_sfnt_off0001196b.bin845dbd1eb251f0ec2b50c660fb0f3c390fd3e522bf1f126db41fb7e87ef48a84 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1196B | 5192 bytes |
font_02_sfnt_off00012aff.bin2c922b54f7d6c9c998b92ca2c88f137279e5e96bdcd300d86b86965d59db856e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12AFF | 15412 bytes |
font_03_sfnt_off00015ae7.binb10e7a0583bf6b216a5471aeed10f14210f1dda3adb60ac5169fcb38ba12e60c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15AE7 | 16060 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.