MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass external link farm, with a prominent link disguised as a download for 'after effects wedding templates'. This link redirects to a known malicious redirector. The presence of a visual download button further supports the lure. The file's purpose is to redirect users to malicious infrastructure.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/pify?keyword=after+effects+wedding+templates
- https://static.usrfiles.com/ugd/824332_3d22fb7d8a9e402dbabf1a516a7d0966.pdf
- https://static.usrfiles.com/ugd/b8c837_662fc99ef5f64949ae2c97a62ca28da3.pdf
- https://static.usrfiles.com/ugd/d775a9_a75bfd3bc74c434ca113876a35a43bca.pdf
- https://static.usrfiles.com/ugd/3f0e57_b0c8bfe5e4bc439abc100fd4aa6edfa8.pdf
- https://static.usrfiles.com/ugd/599f1c_019a23c3fedf45978f18ed11c403a44c.pdf
- https://static.usrfiles.com/ugd/b81754_701730a90275466491a98e74a3854d86.pdf
- https://static.usrfiles.com/ugd/29c71c_9caeadb03e36479aa00b01a3273ada5e.pdf
- https://static.usrfiles.com/ugd/2274a7_25f24f70d66d4b57851ca30f7982339d.pdf
- https://static.usrfiles.com/ugd/a48928_d1200380486e4a118755b013f51f4155.pdf
- https://static.usrfiles.com/ugd/b8c837_949bcddcbd734bbcaf75a39819f57f67.pdf
- https://static.usrfiles.com/ugd/b6edda_51733c23446048b39400613c9a2598a1.pdf
- https://cdn.shopify.com/s/files/1/0450/6284/8664/files/cinema_hd_apk_new_version.pdf
- https://cdn.shopify.com/s/files/1/0437/3839/8869/files/firefox_offline_installer.pdf
- https://cdn.shopify.com/s/files/1/0435/8724/0095/files/saucony_everun_guide_iso_review.pdf
- https://cdn.shopify.com/s/files/1/0431/0781/1482/files/piratinaseb.pdf
- https://cdn.shopify.com/s/files/1/0434/7982/6589/files/15819898466.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006c95.bin3ab809b6cea4f26309b79c2b72ea306ebde377a6eaeecabd9f6d2332e7e3e7da |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C95 | 5556 bytes |
font_01_sfnt_off00007f7c.bind766fe80c2d0f4931ef398b02e9c8f61602d5a5a23c40667b0a0142b437c9e4b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F7C | 10148 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.