MALICIOUS
202
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
T1059.003 Windows Command Shell
T1059.001 PowerShell
The PDF contains multiple embedded links, with one pointing to a known malicious redirector. The document body and heuristics suggest a lure to install a browser extension or execute commands, likely related to a scam or malware delivery. The presence of a malicious redirector and the social engineering lures indicate a high likelihood of a phishing or malware distribution attempt.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=minecraft++unblocked+java
- https://static.usrfiles.com/ugd/dd4472_f04d9298c3524f7ba409a0347cfae212.pdf
- https://static.usrfiles.com/ugd/cf14a4_a23108f7f14346c2af73f1a8a27ed581.pdf
- https://static.usrfiles.com/ugd/ca32a8_801f12c919074411a655599befd4bd37.pdf
- https://static.usrfiles.com/ugd/b8c837_1587aea5e0934618be9b5e73dd47a9df.pdf
- https://static.usrfiles.com/ugd/0f1814_c6ac45d55d1b4e67a0b6530e6dfee3ef.pdf
- https://cdn.shopify.com/s/files/1/0430/8838/0061/files/ribodu.pdf
- https://cdn.shopify.com/s/files/1/0429/7415/0809/files/zosinivesokomim.pdf
- https://cdn.shopify.com/s/files/1/0432/3845/7504/files/suwowefesuxewizamawode.pdf
- https://cdn.shopify.com/s/files/1/0431/6587/6379/files/el_ser_humano_como_unidad_biopsicosocial.pdf
- https://cdn.shopify.com/s/files/1/0430/5059/8562/files/dibolideripu.pdf
- https://cdn.shopify.com/s/files/1/0432/4491/2802/files/wirofiwabazi.pdf
- https://cdn.shopify.com/s/files/1/0432/6470/4662/files/wisajivepalibuxom.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000061b8.bin92187fae8ce16da28a3d01ce502edebf789ba0bc20406da5c97a5de14d24a053 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61B8 | 5184 bytes |
font_01_sfnt_off0000736f.binef77c80d9503441ce10b0758651d61f028535029370bd8291f1ff73bbb4d378d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x736F | 14416 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.