Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Link
- T1059.001 PowerShell (no script content was extracted from this sample, so this mapping is not supported by the heuristics below)
The PDF triggers a critical heuristic: it contains a clickable link to a known malicious redirector, https://ttraff.com/wix?keyword=m1a+suppressor+tarkov. The document's apparent purpose is to send the user through a redirect chain to a landing site, most likely for phishing or unwanted-software delivery. The large number of outbound links to other PDFs, clustered on a single file host, matches the SEO link-farm pattern used to poison search results and obscure the real destination. No scripts were extracted from this sample, so the document relies on the user clicking a link rather than on a PDF parser or scripting vulnerability.
Heuristics (3)

PDF links to known malicious redirector infrastructure
Severity: critical
ID: PDF_MALICIOUS_REDIRECTOR_LINK
PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.

Small PDF contains mass external PDF link farm
Severity: critical
ID: PDF_SEO_LINK_FARM
Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.

Embedded URL
Severity: info
ID: EMBEDDED_URL
One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.com/wix?keyword=m1a+suppressor+tarkov
- https://cdn.shopify.com/s/files/1/0440/3914/3574/files/10424226124.pdf
- https://cdn.shopify.com/s/files/1/0437/1942/6197/files/viwodiku.pdf
- https://cdn.shopify.com/s/files/1/0464/6164/9048/files/kevexusojul.pdf
- https://static.usrfiles.com/ugd/07625c_88419c673b3f4a6b8d5be3fa25cd16e8.pdf
- https://static.usrfiles.com/ugd/b8c837_cbc3ed3688bd4e81b20d5ed8562a561f.pdf
- https://static.usrfiles.com/ugd/b7ed05_f25b39bc0d084a7baf2ae28d491f5255.pdf
- https://static.usrfiles.com/ugd/d1d005_5a9073b2f74c4c388d7f88d13f3d0315.pdf
- https://static.usrfiles.com/ugd/dc8a8e_a04206c87e964f0db31e766c991d7e2c.pdf
- https://static.usrfiles.com/ugd/b48b60_e964f592582d42b589ba5c011b63be80.pdf
- https://static.usrfiles.com/ugd/b8c837_1c8f0f166b774fa6be07bed4b8b3d198.pdf
- https://static.usrfiles.com/ugd/79e0dc_9e3ed3c8866749efadd29096891cb729.pdf
- https://static.usrfiles.com/ugd/2f8cea_2af781e4d322495b925b074d7c8e5feb.pdf
- https://static.usrfiles.com/ugd/1849a1_258548b455a843ab9c889b7c24303e6d.pdf
- https://static.usrfiles.com/ugd/5926b4_2201bbe593024be48657a920a88b61c1.pdf
- https://static.usrfiles.com/ugd/b8c837_d5c930cd192341068dc5cb433cd6616b.pdf
- https://static.usrfiles.com/ugd/b8c837_d87cadde1a834953bef59706939dbe68.pdf
- https://static.usrfiles.com/ugd/24853a_b65104ba0f85493bbb33bef49c00a269.pdf
XMP metadata namespace URIs (schema identifiers from the document's metadata packet, not clickable links):
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Truncated string (as extracted; a prefix of the fourth static.usrfiles.com link above):
- https://static.usrfiles.com/ugd/d1d005_5a9073b2f74c4c388d7f8
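The two critical heuristics above (PDF_MALICIOUS_REDIRECTOR_LINK and PDF_SEO_LINK_FARM) reduce to a few checks over the document's link annotations. The following is an added example, not the analyzer's own code: it builds a constructed PDF skeleton with the same link pattern as the report (one ttraff.com redirector link plus many external .pdf links clustered on one host), carves the /URI targets from raw object syntax, and evaluates both rules. The thresholds, the sample URLs under the two CDN hosts, and the single-entry redirector host list are assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Redirector host is taken from the report above; a real analyzer would
# consult a maintained list rather than this one-entry set (assumption).
KNOWN_REDIRECTOR_HOSTS = {"ttraff.com"}

# Thresholds are assumptions for this example, not the analyzer's real values.
SMALL_PDF_MAX_BYTES = 256 * 1024
LINK_FARM_MIN_PDF_LINKS = 10
LINK_FARM_MIN_TOP_HOST_SHARE = 0.5

# /URI literal string; handles backslash-escaped characters inside it.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def build_sample_pdf(urls):
    """Build a minimal PDF skeleton whose link annotations carry /URI actions.

    Constructed for this example only: it is not the analysed sample, and the
    xref table is omitted (fine for string carving, not for a viewer).
    """
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    annot_refs = []
    for i, url in enumerate(urls):
        annot_refs.append(b"%d 0 R" % (4 + i))
        # PDF literal strings must escape backslashes and parentheses.
        esc = (url.encode().replace(b"\\", b"\\\\")
               .replace(b"(", b"\\(").replace(b")", b"\\)"))
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    b"/A << /S /URI /URI (" + esc + b") >> >>")
    objs.insert(2, b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                   b"/Annots [" + b" ".join(annot_refs) + b"] >>")
    body = b"%PDF-1.4\n"
    for n, obj in enumerate(objs, start=1):
        body += b"%d 0 obj\n%s\nendobj\n" % (n, obj)
    return body + b"%%EOF\n"


def extract_uri_links(pdf_bytes):
    """Return /URI targets found in raw (uncompressed) object syntax.

    Caveat: annotations stored inside Flate-compressed object streams are
    invisible to a raw scan; a full analyzer inflates /ObjStm content first.
    """
    out = []
    for raw in _URI_RE.findall(pdf_bytes):
        unescaped = re.sub(rb"\\(.)", rb"\1", raw)
        out.append(unescaped.decode("latin-1"))
    return out


def evaluate(pdf_bytes):
    """Apply the redirector-link and link-farm heuristics to one PDF."""
    urls = extract_uri_links(pdf_bytes)
    hosts = [urlparse(u).hostname or "" for u in urls]
    redirector_hits = [u for u, h in zip(urls, hosts) if h in KNOWN_REDIRECTOR_HOSTS]

    # Link farm: many outbound .pdf links, most of them on a single host.
    pdf_links = [u for u in urls if urlparse(u).path.lower().endswith(".pdf")]
    pdf_hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_count = pdf_hosts.most_common(1)[0] if pdf_hosts else (None, 0)
    top_share = top_count / len(pdf_links) if pdf_links else 0.0

    return {
        "url_count": len(urls),
        "PDF_MALICIOUS_REDIRECTOR_LINK": bool(redirector_hits),
        "redirector_urls": redirector_hits,
        "PDF_SEO_LINK_FARM": (len(pdf_bytes) <= SMALL_PDF_MAX_BYTES
                              and len(pdf_links) >= LINK_FARM_MIN_PDF_LINKS
                              and top_share >= LINK_FARM_MIN_TOP_HOST_SHARE),
        "pdf_link_count": len(pdf_links),
        "top_pdf_host": top_host,
        "top_pdf_host_share": round(top_share, 2),
    }


# Constructed link set mirroring the report's pattern: one redirector URL,
# three .pdf links on one CDN host and fifteen on another (paths are invented).
SAMPLE_URLS = (
    ["https://ttraff.com/wix?keyword=m1a+suppressor+tarkov"]
    + [f"https://cdn.shopify.com/s/files/example/{i}.pdf" for i in range(3)]
    + [f"https://static.usrfiles.com/ugd/example{i:02d}.pdf" for i in range(15)]
)
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS)

if __name__ == "__main__":
    for key, value in evaluate(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

The host on which the links cluster is a generic file CDN, and both CDN hosts above carry plenty of legitimate content; the link-farm signal is the pattern, not the host. The actionable indicator for blocking or hunting is the redirector domain, and a raw-bytes scan like this one should be paired with object-stream decompression before concluding that a PDF has no link annotations.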
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000070d3.bin | 22c60967226527a728b80494892341663f995ab15efc7d787a3170a767cd76b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x70D3 | 4692 bytes |
| font_01_sfnt_off000080ec.bin | b9dc73b669529aa6902b85c8074cbd0248c92d4be22f5bc70b327aa951b7fc44 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x80EC | 10196 bytes |
| font_02_sfnt_off0000a3d2.bin | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA3D2 | 4324 bytes |