MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.me/wix?keyword=batch+file+games+pacman'. Additionally, it exhibits characteristics of a PDF link farm, with numerous links to external PDF files, many of which are hosted on potentially compromised or low-reputation domains. The document body, though heavily obfuscated, contains references to the malicious URL and other PDF links, reinforcing the lure. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=batch+file+games+pacman
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000057ed.bin dfea16311c4c647fb7c5e5b8d85f4d9fe6d9a187cef21e41698e51f4f0b5d11d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57ED | 5060 bytes |
| font_01_sfnt_off00006903.bin c0537a81bd72bedb4a7cd35e00c8c7ec5f0ddf38d8ec2f8df1cdcf21521d86b9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6903 | 11376 bytes |
| font_02_sfnt_off00008fa9.bin 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8FA9 | 4324 bytes |