MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a malicious redirector link disguised as a book download. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms this, and the embedded URL points to ttraff.com, a known malicious redirector. The PDF_SEO_LINK_FARM heuristic indicates the document is part of a link farm, likely to improve search engine ranking for malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=the+greatest+book+on+dispensational+truth+in+the+world+pdf
- https://cdn.shopify.com/s/files/1/0431/2806/2103/files/zelda_ocarina_of_time_gamecube_iso.pdf
- https://cdn.shopify.com/s/files/1/0431/5476/8021/files/cascada_de_coagulacion_sanguinea.pdf
- https://cdn.shopify.com/s/files/1/0431/6246/8514/files/36298065273.pdf
- https://cdn.shopify.com/s/files/1/0428/3141/3414/files/76363499943.pdf
- https://cdn.shopify.com/s/files/1/0429/1998/5319/files/7640414458.pdf
- https://cdn.shopify.com/s/files/1/0437/8787/8549/files/zureluxexavobepevizev.pdf
- https://cdn.shopify.com/s/files/1/0431/4795/2294/files/lebikevisusonolapikigigu.pdf
- https://static.usrfiles.com/ugd/b8c837_3d4996c4c49c4289a8913bc5ffcd4555.pdf
- https://static.usrfiles.com/ugd/b8c837_2bf05d33aec643fbaf93c37a4d577458.pdf
- https://static.usrfiles.com/ugd/e2c6c1_ed14fb0d46344250b929255d5c04c470.pdf
- https://static.usrfiles.com/ugd/b8c837_a4896846267a44788b3369099de04883.pdf
- https://static.usrfiles.com/ugd/b8c837_9aededc51e8842e38f48124ca1d670d4.pdf
- https://static.usrfiles.com/ugd/b8c837_fc6b6f62d3b24825a46cfaf80c404621.pdf
- https://static.usrfiles.com/ugd/8acad3_05347d9c993940768ead779e93badc6b.pdf
- https://static.usrfiles.com/ugd/b8c837_752b1aaa1f574dcb93a3fbfb7c4d109f.pdf
- https://static.usrfiles.com/ugd/b8c837_294bdf10fbdf4bb1b8ea1ae9bf76877d.pdf
- https://static.usrfiles.com/ugd/b8c837_fac4f3bee03747608773ef38166757fd.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006288.bin89f3eda44e3d759c2278443d2f6b0240c519fec9aaa42f586d30525f840a6f38 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6288 | 5428 bytes |
font_01_sfnt_off00007504.bin3f6cb50b7b961e69e29a73acf6ab6f407f3be2f87c07b83d3bb531fa773e04ca |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7504 | 10356 bytes |
font_02_sfnt_off00009889.binff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9889 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.