MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains multiple embedded links, with a critical heuristic firing indicating a malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure for a 'dark souls 3 pyromancer beginner guide' and includes the malicious URL. Another critical heuristic identified a PDF link farm, suggesting a tactic to artificially boost search engine rankings or distribute malicious links. The presence of a remote support lure heuristic indicates a potential social engineering attempt to gain further access.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Remote-support tool lure high SE_REMOTE_SUPPORT_LUREDocument instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=dark+souls+3+pyromancer+beginner+guide
- https://cdn.shopify.com/s/files/1/0434/6282/0005/files/avatar_games_free_for_laptop.pdf
- https://cdn.shopify.com/s/files/1/0433/5481/6665/files/portfolio_templates_for_designers.pdf
- https://cdn.shopify.com/s/files/1/0431/3962/9218/files/reading_and_writing_skills_grade_11_download.pdf
- https://cdn.shopify.com/s/files/1/0435/4847/5541/files/blown_film_extrusion_machine.pdf
- https://cdn.shopify.com/s/files/1/0434/4181/5718/files/61939091461.pdf
- https://static.usrfiles.com/ugd/0fdb6d_7f8e39b7c90e45119c0388f0ddbb9b8f.pdf
- https://static.usrfiles.com/ugd/f34823_9cad0854ba774c31aaa0bba0acd3c6dd.pdf
- https://static.usrfiles.com/ugd/2f8cea_69e79c473eec4ce9aae31aeef4af0d25.pdf
- https://static.usrfiles.com/ugd/fd3290_91ea57a957d04cf9ba297a014b6604a8.pdf
- https://static.usrfiles.com/ugd/5af86b_a5677410188c4d3dbf06ab990d6ffc48.pdf
- https://static.usrfiles.com/ugd/26481d_664074adc2d34da68429c581f309b3a2.pdf
- https://static.usrfiles.com/ugd/d90490_22f5d66c079a4715b186aca594173f89.pdf
- https://static.usrfiles.com/ugd/97aff7_9299750ce8a74876807fa4c4a60de25d.pdf
- https://static.usrfiles.com/ugd/299074_b68fb3d0ef6e4244b52259c68aaeb0e5.pdf
- https://static.usrfiles.com/ugd/a18aa6_c3168576b3174526ab923a39b6ff21d2.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000667a.binb458021dd5b09a846a5b4694e0109cdec47eb567f7fbb1474595d7d472cec8a8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x667A | 5860 bytes |
font_01_sfnt_off00007a61.binf0315bb75fc83e75f569525c4931277300e6605668bd052843adbedb665c5910 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A61 | 10504 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.