MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, which points to a URL that appears to be part of a link farm. The document also contains a critical heuristic for requesting recovery secrets, indicating a phishing attempt. The embedded URL 'https://ttraff.cc/wix?keyword=beyblade+burst+gameplay' is likely the primary lure, while the numerous links to static.usrfiles.com suggest a broader SEO poisoning campaign.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Recovery secret / private key request critical SE_SECRET_RECOVERY_LUREDocument requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=beyblade+burst+gameplay
- https://static.usrfiles.com/ugd/b8c837_88e5ae1a84cb4ed89e333e06beae123e.pdf
- https://static.usrfiles.com/ugd/a8ca0f_84e5aa11a06349558e0eea81e5425001.pdf
- https://static.usrfiles.com/ugd/173616_aa595f2a1d704c83b2b9953e8b5331ca.pdf
- https://static.usrfiles.com/ugd/eddc50_65ca577d20cf4a748fd0278dffbe7981.pdf
- https://static.usrfiles.com/ugd/3c9ac1_fc377bed309147058e5b6be7a36145a3.pdf
- https://static.usrfiles.com/ugd/6924eb_34a80d86a75649f79c1680eadc52fb16.pdf
- https://static.usrfiles.com/ugd/865d50_525c01ade99d4e75b5116953c270b08c.pdf
- https://static.usrfiles.com/ugd/1b8612_b5d54a7d0b4941368170b56a1a2ae3cd.pdf
- https://static.usrfiles.com/ugd/843280_cbbea7431a75445b942b24c553271196.pdf
- https://static.usrfiles.com/ugd/913720_d47c47100d25489fa8d533523890761d.pdf
- https://static.usrfiles.com/ugd/b8c837_81dc683b970c48aca77afce710b8cbcd.pdf
- https://static.usrfiles.com/ugd/b8c837_623562211cd74c198580d61541629065.pdf
- https://static.usrfiles.com/ugd/b8c837_e10ee5f6e76d49589f79dae644af953f.pdf
- https://static.usrfiles.com/ugd/b8c837_785ed7ad92914914afe6863ecf3a8722.pdf
- https://static.usrfiles.com/ugd/270e53_fa5aa3a3ad8641bc8502ffb67e1f9444.pdf
- https://static.usrfiles.com/ugd/7d1dc9_acacd6fb845c4122a94f74af27e632fe.pdf
- https://static.usrfiles.com/ugd/18574e_8f27176d9b3341c3810fd861192c84ce.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007282.bin8a1210bdbf1bfe392ffa41a966ad29f3f164e77a9e4666541870a22d1549e1f1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7282 | 3736 bytes |
font_01_sfnt_off00007fde.binf3d1b7d76255c8fde0a2a25ac8d883d71796463d94cdd74943e8714a3b0a965f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FDE | 5572 bytes |
font_02_sfnt_off000092bb.binb13b72410136b5d0fa933d52f2c83591c00573d837aaa59252542489296363e7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x92BB | 10308 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.