MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, directing users to a URL disguised as a free calendar template. The document body, though heavily obfuscated, contains the same URL. The file also contains a heuristic for a PDF link farm, indicating a large number of external links, many of which point to static.usrfiles.com.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=free+calendar+template+excel+2020
- https://static.usrfiles.com/ugd/6c032c_7b7c8cda00774205826f62e0b08b83f2.pdf
- https://static.usrfiles.com/ugd/b50c55_c183418de96b47c78b5aa567e7a2d886.pdf
- https://static.usrfiles.com/ugd/b8c837_8bcff15cfa1c4370b1d950ab64693aab.pdf
- https://static.usrfiles.com/ugd/1decf9_485f789168ac47eab8aee47a32ea6fc5.pdf
- https://static.usrfiles.com/ugd/b8c837_4c69bdd5ea6641f28ed114ab42664ee6.pdf
- https://cdn.shopify.com/s/files/1/0434/8451/2406/files/business_law_12th_edition.pdf
- https://cdn.shopify.com/s/files/1/0432/3406/6600/files/zejaniruwol.pdf
- https://cdn.shopify.com/s/files/1/0432/0218/3325/files/40711141969.pdf
- https://cdn.shopify.com/s/files/1/0438/4276/4962/files/google_camera_android_version.pdf
- https://cdn.shopify.com/s/files/1/0439/1718/1083/files/mortal_kombat_x_android_cheats.pdf
- https://static.usrfiles.com/ugd/1be480_268ad91208814d2da8347b8d3c10924f.pdf
- https://static.usrfiles.com/ugd/accd1f_949a6aea4b7e43b79693735864b37e18.pdf
- https://static.usrfiles.com/ugd/824332_644bdedf3e5b44c4b16e5adb7683060e.pdf
- https://static.usrfiles.com/ugd/808d8c_9767431425f9418d8546dcdec3792d96.pdf
- https://cdn.shopify.com/s/files/1/0435/9503/8877/files/17250581543.pdf
- https://cdn.shopify.com/s/files/1/0431/5152/4001/files/possessive_adjective_practice.pdf
- https://cdn.shopify.com/s/files/1/0435/9539/9325/files/68220987203.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/bisadugizutojaririxenudep.pdf
- https://cdn.shopify.com/s/files/1/0433/6350/0197/files/gfebs_user_manual.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006a6a.bin6e0a4afd4da3cbce56e7db98b47fa3bd1591f2849846a616f2f2b6193c8d59f2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A6A | 5340 bytes |
font_01_sfnt_off00007c82.bin8d93bf670b4742ff4ecbff8753686fd90d5b678cb34b38ea633cd839c36af80e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C82 | 10204 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.