Malware Insights
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/wix?keyword=total+war+warhammer+has+stopped+working'. The document body, though heavily garbled, contains text related to 'Total war warhammer has stopped working', suggesting a lure. The file also contains a PDF link farm heuristic, indicating it hosts numerous external links, with the first one being 'https://static.usrfiles.com/ugd/0c8cc8_a328bf9c6def42b4af857fc1feb982de.pdf'. This combination suggests a phishing or social engineering attack aiming to redirect users to malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=total+war+warhammer+has+stopped+working
- https://static.usrfiles.com/ugd/0c8cc8_a328bf9c6def42b4af857fc1feb982de.pdf
- https://static.usrfiles.com/ugd/9d869b_583f75dcff9240b5b96148d91cc7a75e.pdf
- https://static.usrfiles.com/ugd/b8c837_898e8e7762264120a1679a80c3bdadeb.pdf
- https://static.usrfiles.com/ugd/b8c837_63d90ac156de4c11bdc0aa0bbbf60d20.pdf
- https://static.usrfiles.com/ugd/b8c837_109c11e779594eff83c1b5f4ee0ce557.pdf
- https://static.usrfiles.com/ugd/b8c837_95797f8b807143c5af5fd41e7d5949e8.pdf
- https://static.usrfiles.com/ugd/b8c837_6d963c41c3254c718a19e9826dba365e.pdf
- https://static.usrfiles.com/ugd/b8c837_b6e58425420a424886fa6e7d8e2336de.pdf
- https://static.usrfiles.com/ugd/b8c837_98a3294d0fdd43828a85bcd1b00c5cf5.pdf
- https://static.usrfiles.com/ugd/8ab72e_84282767a7d84235bb616b9a33139ec3.pdf
- https://static.usrfiles.com/ugd/b8c837_b8873021ca7949f9a9aab3c01abd3296.pdf
- https://static.usrfiles.com/ugd/60933b_885adb39a1a942a2bcf8d14e7ea3db94.pdf
- https://static.usrfiles.com/ugd/3ab5ed_70756191073143b99a5d3976bad536d8.pdf
- https://static.usrfiles.com/ugd/fa6f14_f4f01d38e58e48c0812fe685fb5d961d.pdf
- https://static.usrfiles.com/ugd/b65acf_02aaa9bf84fc4127b39f7d6c4739c3c3.pdf
- https://static.usrfiles.com/ugd/cc03df_741182c4a9c24b8a853d1ac4de8e9f66.pdf
- https://static.usrfiles.com/ugd/b77b08_29be084eda164f9eabb9514f53963098.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cad.bin716d93bf5be37948cb21ac82245b6b431efcd548bca95e79014a1348d81bf2d3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CAD | 5476 bytes |
font_01_sfnt_off00007f3a.binaaf681186383a1bfc36a1f1b2d05e436e9f14c0e87e40fe11ef4193d5030f63a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F3A | 10744 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.