MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link that, when clicked, redirects to a malicious domain ('ttraff.com') disguised as a download for a game. This indicates a social engineering tactic to trick users into visiting a potentially harmful site. The PDF also contains a large number of embedded links to other PDFs, suggesting a link farm designed for SEO manipulation or to distribute further malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=dragon+ball+z+shin+budokai+2+downloa
- https://cdn.shopify.com/s/files/1/0438/8916/4440/files/80952433565.pdf
- https://cdn.shopify.com/s/files/1/0439/9644/6878/files/20358483480.pdf
- https://cdn.shopify.com/s/files/1/0430/8277/6727/files/revigesoxulapedogut.pdf
- https://cdn.shopify.com/s/files/1/0438/1887/7090/files/48979303898.pdf
- https://static.usrfiles.com/ugd/b8c837_abe6bba0a8304adcb885ee555a61a8ab.pdf
- https://static.usrfiles.com/ugd/3aca14_e1a3b98bf2924f97adfe91b2c5edd444.pdf
- https://static.usrfiles.com/ugd/b8c837_5eff75ab89544472add42aa72c8f1902.pdf
- https://static.usrfiles.com/ugd/b8c837_71f8c17080884841932376b293b9c202.pdf
- https://static.usrfiles.com/ugd/eed56f_eb149299366f4375bf561b971edc04b3.pdf
- https://static.usrfiles.com/ugd/8b97dd_2cf7e4b28c90432e838f028de2450b7e.pdf
- https://static.usrfiles.com/ugd/a31856_55a472a0e62b4176b6aae62774ca4bac.pdf
- https://cdn.shopify.com/s/files/1/0444/6031/0695/files/sownictwo_angielski_b1_b2.pdf
- https://cdn.shopify.com/s/files/1/0431/9887/3762/files/79974070957.pdf
- https://cdn.shopify.com/s/files/1/0428/8148/2919/files/destinos_textbook.pdf
- https://cdn.shopify.com/s/files/1/0434/7301/0850/files/audacity_full_version_2019.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/vibemegabixowosepabotabux.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000068bc.bine1b9db4531472e1be6c0ff26cc0c631c88917a0b1998a4f01d43cd1e3d27e4e2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x68BC | 5564 bytes |
font_01_sfnt_off00007bb3.bina7b750ea9fc93fb36f1884ac3a20c141d5d9f12ea111247de8a7e7fb00c4f285 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BB3 | 10288 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.