MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a lure for a 'Magento tutorial pdf free download' which is a common tactic for phishing or malware delivery. The embedded link directs to 'ttraff.com', identified as a malicious redirector. The file also contains a large number of links to other PDFs hosted on 'static.usrfiles.com', suggesting a link farm or SEO poisoning attempt to improve search engine ranking for malicious content. No scripts were extracted, but the PDF structure and embedded URLs strongly indicate a phishing or redirection attack.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=magento%20tutorial%20pdf%20free%20download
- http://kubopax.prime-peak.com/uploads/1/3/0/8/130814238/dekag.pdf
- http://fufisozi.tlcac.net/uploads/1/3/1/3/131398091/d0361cb8b395.pdf
- http://kolol.twigny.com/uploads/1/3/0/7/130775883/dafifuwitikizem.pdf
- http://bajal.provisopartners.com/uploads/1/3/0/7/130740073/kuwok_zezunizerir_piposu.pdf
- http://files.designbyllewelyn.com/uploads/1/3/1/3/131398542/zajifujosudipokuku.pdf
- https://static.usrfiles.com/ugd/359e64_d2b004ca0f8f4f019aed85a3c241d673.pdf
- https://static.usrfiles.com/ugd/16a96a_b20134f3c85840c6896b8e2faae9377b.pdf
- https://static.usrfiles.com/ugd/2c76f4_74706c3348ad4f4fa701b8a9d8f3135b.pdf
- https://static.usrfiles.com/ugd/bb05c1_11a688d0a64e4b62a086008761d35a75.pdf
- https://static.usrfiles.com/ugd/5ecadc_82d60a738efe40ad9d4279ecb3f23ae2.pdf
- https://static.usrfiles.com/ugd/a48928_7b12a5b322c34ecbb3a82476cb8f20fd.pdf
- https://static.usrfiles.com/ugd/a48928_2286b214f20b4c058c7e29108c68cb16.pdf
- https://static.usrfiles.com/ugd/0ad6c7_8e1bb13375d54491bc8f327b712ea5d9.pdf
- https://static.usrfiles.com/ugd/1f2646_13802e350f774ea2adaf0c98843c24f6.pdf
- https://static.usrfiles.com/ugd/b7082a_e44dd0be738243958bc6d89d3fdcac1b.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cfb.bin3e627694db490e87a4aea12b51a372c70d9af2cee2fa740345871771ed3b2566 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CFB | 5128 bytes |
font_01_sfnt_off00007e9a.bin945cf7bb5a5672c0936f78ba4067acc0f88f72fe421aa1d4dc8ca2df2baee84a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E9A | 10068 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.