Verdict: MALICIOUS
Risk Score: 120

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file contains a large number of embedded links, with one identified as a known malicious redirector. The heuristic firings indicate this is a link farm designed to lead users to malicious infrastructure. The document body contains garbled text and a URL that appears to be part of the link farm, suggesting a lure for users to click through to potentially malicious content.
Heuristics (3)

- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.ru/wix?keyword=border+light+untuk+android
Extracted artifacts (3)

Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006239.bin | 2e8feedd170b49f5963382f64a5ea81007e516ad67b1f387837657e2cf82aa46 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6239 | 4904 bytes |
| font_01_sfnt_off000072da.bin | 3a9075fa7bcf3e3e2e96460a28208488742adc40e0288b0a799878008d208f49 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72DA | 9988 bytes |
| font_02_sfnt_off00009513.bin | a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9513 | 4324 bytes |