MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1059.003 Windows Command Shell
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link pointing to 'ttraff.club', which is also present in the document body. Additionally, a heuristic indicates a 'clipboard command execution lure', suggesting the document instructs users to copy and paste commands into a shell. The presence of numerous links to 'static.usrfiles.com' suggests a link farm, likely for SEO poisoning to drive traffic to the malicious redirector.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=android+studio+tutorial+pdf+for+beginners+2017
- https://static.usrfiles.com/ugd/3e0cb9_238aed5996f54763b3b42445d33833fd.pdf
- https://static.usrfiles.com/ugd/590778_03bab6b12ecf4a9485865c4f664b9392.pdf
- https://static.usrfiles.com/ugd/b8c837_b53e9525bd1749be8c2034ce0e38c3fb.pdf
- https://static.usrfiles.com/ugd/6cabbb_abf1d9870b4446e2a117dc04a9bf06a4.pdf
- https://static.usrfiles.com/ugd/cac9e4_6f559197df424ad6b1478e3e0dd9c02d.pdf
- https://static.usrfiles.com/ugd/b8c837_c8fc5307b7c84764b06b437b970d8ec4.pdf
- https://static.usrfiles.com/ugd/b8c837_d0183fa233b04eaba1a5c57c03c6be3f.pdf
- https://static.usrfiles.com/ugd/d1d005_5d6b7d876c1d4d31842fe76fe03279e3.pdf
- https://static.usrfiles.com/ugd/62e2c1_de33a7b8bc314092b51654b651aa222d.pdf
- https://static.usrfiles.com/ugd/238140_459cf94d2d514322886a9a013c7dc270.pdf
- https://static.usrfiles.com/ugd/b85eb0_7ff0a4f5b94f4e729714eec7b3b40b72.pdf
- https://static.usrfiles.com/ugd/8a419d_83780e7d1fb24906a153c686d386ba34.pdf
- https://static.usrfiles.com/ugd/4cf28d_4f1c35019b4245918cd3fd2174ec5e3a.pdf
- https://cdn.shopify.com/s/files/1/0432/2459/6642/files/werivak.pdf
- https://cdn.shopify.com/s/files/1/0430/1458/6521/files/duzubokaxowifamazevo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000061af.bin2073cf062976dea50dad5322942a962ae7891b148ffea2a3af0a621c490feaf4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61AF | 5744 bytes |
font_01_sfnt_off00007554.bine99dcdd4bbc22a5f7de29e3a582aeb043847152d8eabc91f906ff197b676589a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7554 | 9968 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.