MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged for containing a malicious redirector link and a link farm. The primary malicious URL, https://ttraff.com/wix?keyword=alcatel+one+touch+manual+programming, is likely used to lure victims. The document body, though heavily obfuscated, contains references to this URL and other benign-looking PDF links, suggesting a coordinated effort to distribute malicious content through a link farm. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=alcatel+one+touch+manual+programming
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004e5c.bin 0a324b96c178e07eb4b8c3e057ac65d685d2e428c37a5e4ddb086fdcfd2a0009 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E5C | 5160 bytes |
| font_01_sfnt_off00005fbc.bin fd89d68720fb3c967b68ff1676798efe051683f3c31df8192a70f9a11fcf76fb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FBC | 10832 bytes |