MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link disguised as a 'resign letter bangla' which redirects to the malicious domain ttraff.com. This indicates a social engineering lure designed to trick the user into visiting a potentially harmful site. The PDF also contains a large number of external links, many pointing to Shopify domains, suggesting a link farm or SEO manipulation tactic to distribute the malicious redirector.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=resign+letter+bangla
- https://cdn.shopify.com/s/files/1/0429/0638/6595/files/morisky_green_levine_medication_adherence_scale.pdf
- https://cdn.shopify.com/s/files/1/0431/7731/2411/files/sapetusidugoji.pdf
- https://cdn.shopify.com/s/files/1/0464/1410/2696/files/draw_with_jazza_brushes_free.pdf
- https://static.usrfiles.com/ugd/0511f5_598ae02ecf1740808039bbf59df4cafc.pdf
- https://static.usrfiles.com/ugd/6908d7_348590dfd2174324acef49f7df7d78ba.pdf
- https://static.usrfiles.com/ugd/74e9cf_0fbcf4cef72c4bd0b33d21c1b8f2cb67.pdf
- https://static.usrfiles.com/ugd/3dd68e_04944b38915440ce9e85d9fb344491c8.pdf
- https://static.usrfiles.com/ugd/b8c837_9c262cfdec3f45ada39e82d66ff610f6.pdf
- https://static.usrfiles.com/ugd/a31856_2c2ab68001674987975ed546afef5f65.pdf
- https://static.usrfiles.com/ugd/b8c837_d70c5c6f37024ce0901cfea14c0efcb7.pdf
- https://static.usrfiles.com/ugd/1c8c6c_55e072ae7bf740b7ae37a36c1fefcfae.pdf
- https://static.usrfiles.com/ugd/b8c837_c9480f7a8b664adbb95a5b2b15bbd69b.pdf
- https://static.usrfiles.com/ugd/ae059d_d81fdc1877a34f6ba446586b85a3d540.pdf
- https://static.usrfiles.com/ugd/b8c837_8d3269b0839740d79e79dbe27f89ce81.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007629.bina4072898a6d88d4230da440517473dcb3cc220c387c2a7a63dfda636fc9f5047 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7629 | 5000 bytes |
font_01_sfnt_off00008733.binb7882c459d94d9fb05ee491b72d0ee9c35e8d4bc9ed5787c7a0b3ba78fd6bc86 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8733 | 4140 bytes |
font_02_sfnt_off0000945b.binbe96d4ab25ece85b891e5f211018d233d52c09208e8b309ea97403eb72d6b6c0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x945B | 10400 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.