MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF file contains a heuristic match for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to malicious infrastructure. The document body, though partially corrupted, contains the URL 'https://ttraff.me/wix?keyword=bluetooth+splitter+app+android' which is likely intended to trick the user into clicking it. The presence of numerous other PDF links suggests a link farm strategy to obscure the malicious destination. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=bluetooth+splitter+app+android
- https://static.usrfiles.com/ugd/9421c8_c577cae3821a40d0a61058d4dffa96bd.pdf
- https://static.usrfiles.com/ugd/10a4aa_b8b66257e10848e2a40f64d5569c3664.pdf
- https://static.usrfiles.com/ugd/64e449_4b0c772071bb4034af610113740795af.pdf
- https://static.usrfiles.com/ugd/575fb0_170cb8d7bb014ccba70568bc3d50d09b.pdf
- https://static.usrfiles.com/ugd/0d002d_7f0da796717248fa9d1873aa38d35881.pdf
- https://static.usrfiles.com/ugd/b8c837_db0f21ed758f4bd0b9a393ee819e4285.pdf
- https://static.usrfiles.com/ugd/f6a907_75ac8ea025804b26b6e1c904be86d107.pdf
- https://static.usrfiles.com/ugd/cacfd7_b4b7739a69844aa7b7a8a5119a35efbe.pdf
- https://static.usrfiles.com/ugd/40512e_8c83feac0c79467b84046f277ac0db2b.pdf
- https://static.usrfiles.com/ugd/ecd213_981baa252e174b00ae700ba044ce235e.pdf
- https://static.usrfiles.com/ugd/52b593_cdf9f637c5bb4ac19beb46540a6601b2.pdf
- https://static.usrfiles.com/ugd/c63dba_cd6027e4cbf649f2b2c8bc639e5faca3.pdf
- https://static.usrfiles.com/ugd/b148e5_4b1e7cf0408a4a23bdd9a5e148e7222f.pdf
- https://static.usrfiles.com/ugd/c75f60_934efeb1bb5d43a98622448cd59423ab.pdf
- https://static.usrfiles.com/ugd/76dd3d_198f24ce1fde4075b0cb7466657c5062.pdf
- https://static.usrfiles.com/ugd/8e9e2f_cea55bd8be8e4e808cdcae985610750b.pdf
- https://static.usrfiles.com/ugd/8aba0c_147347f9feb546289a15f3b300a011eb.pdf
- https://static.usrfiles.com/ugd/b8c837_e027e159079b4864815ff3ad355f9773.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000591e.bin7beb27846c56345412af609109d36d3d41e4448670afcc01adc24028791bf938 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x591E | 5096 bytes |
font_01_sfnt_off00006a66.bin0a7dcb2a0d8ca56794d7168f5fecb928b283d897738876672a1fb790213755a2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A66 | 10232 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.