MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, which is also present in the document body. This link, 'https://ttraff.cc/wix?keyword=informal+letter+example+for+class+5', is designed to lure users to malicious infrastructure. The document also contains a large number of embedded links, many pointing to Shopify, which is flagged as a link farm. The primary intent appears to be directing users to the malicious ttraff.cc domain.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=informal+letter+example+for+class+5
- https://cdn.shopify.com/s/files/1/0430/8008/9760/files/vcds_release_10._6_crack_free.pdf
- https://cdn.shopify.com/s/files/1/0440/7758/0453/files/steuerklasse_wechseln_antrag.pdf
- https://cdn.shopify.com/s/files/1/0438/1851/6637/files/6301358856.pdf
- https://cdn.shopify.com/s/files/1/0431/7049/6672/files/viennese_waltz_music_free.pdf
- https://cdn.shopify.com/s/files/1/0432/6404/9318/files/gidexok.pdf
- https://static.usrfiles.com/ugd/217d68_a10c6c85fc404d5695db8bf08d689f7a.pdf
- https://static.usrfiles.com/ugd/8e1900_49b5aa88f04f48e5bd9f59e4726f2949.pdf
- https://static.usrfiles.com/ugd/b8c837_fafa41c826854254940890c10bed8360.pdf
- https://static.usrfiles.com/ugd/cdb50c_62146aa13f10490495ab35c61cd3159f.pdf
- https://static.usrfiles.com/ugd/ce77c6_9e6e4c0ce3cd444f83bab3afbe141f54.pdf
- https://static.usrfiles.com/ugd/5ed537_442a05f290254032acf85d2d63c2e99c.pdf
- https://static.usrfiles.com/ugd/9b5f63_c7a8940874b84cb49fc2907ddbd0570c.pdf
- https://static.usrfiles.com/ugd/cfa91a_c9f439e02bf9428085b9c19d55e6f50c.pdf
- https://static.usrfiles.com/ugd/cfbfd2_235a713cb7114a22a05d3f7aa4d8b4dd.pdf
- https://cdn.shopify.com/s/files/1/0432/5467/7662/files/pexixazuxizoxotaganuxofe.pdf
- https://cdn.shopify.com/s/files/1/0431/0515/7282/files/bicentennial_man_torrent.pdf
- https://cdn.shopify.com/s/files/1/0429/5216/3482/files/dovre_astroline_4cb_manual.pdf
- https://cdn.shopify.com/s/files/1/0428/8030/3263/files/sajumulasemavekexipele.pdf
- https://cdn.shopify.com/s/files/1/0462/2142/6841/files/98046675913.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000069eb.bince51174ecef3076c6089f4d5a865d0d919abf1ab90e3fb8a8c2ad44402ca1146 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69EB | 5292 bytes |
font_01_sfnt_off00007bd7.bin7c2b84fc65299c452964eafa46c1985904c914d33627f1f9458a94e7b4a61acc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BD7 | 10244 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.