MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=triathlete+training+bible+pdf+download'. This indicates the document is designed to redirect users to external, potentially harmful content. The document body, though heavily obfuscated, contains text related to a 'triathlete training bible pdf download' and the authoring application 'wkhtmltopdf', suggesting a lure for free content to mask malicious redirection.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.club/wix?keyword=triathlete+training+bible+pdf+download
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000dc58.bin | 08edad4dd165f2f9c44e5a2b6d3187ade4526e473d08ec0e077ff70694689f08 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC58 | 5308 bytes |
| font_01_sfnt_off0000ee68.bin | 9f4d9676f1a1f89e8c7c7a10a3658ecbfd3349ceb44c17ba62b2307b338f5240 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE68 | 15372 bytes |