MALICIOUS
180
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a heuristic firing for a malicious redirector link pointing to 'ttraff.com', which is associated with a fake CAPTCHA lure. The document body, though heavily obfuscated, contains text related to 'Dish network dvr error code 04' and includes the malicious URL. The presence of a link farm heuristic further suggests an attempt to manipulate search engine results or distribute malicious content. The overall pattern indicates a phishing or scam attempt using a fake verification prompt to trick users into clicking malicious links.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake CAPTCHA / human verification prompt high SE_FAKE_CAPTCHADocument displays a fake CAPTCHA or human-verification prompt — used to trick users into running commands or pressing keyboard shortcuts
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=dish+network+dvr+error+code+04
- https://cdn.shopify.com/s/files/1/0435/5942/0063/files/integrated_chinese_traditional_characters.pdf
- https://cdn.shopify.com/s/files/1/0430/2284/4067/files/15492498795.pdf
- https://cdn.shopify.com/s/files/1/0427/4293/9814/files/65655869773.pdf
- https://cdn.shopify.com/s/files/1/0435/9018/9215/files/22023328477.pdf
- https://cdn.shopify.com/s/files/1/0431/6430/3516/files/coc_base_editor_apk.pdf
- https://static.usrfiles.com/ugd/b8c837_fde0e5f9ecf94f0f8fa19f126ef7d74a.pdf
- https://static.usrfiles.com/ugd/30e015_760c439d314543e8bdfb08829a27df14.pdf
- https://static.usrfiles.com/ugd/b8c837_c079e397d6b543469c9d93c04b4a128c.pdf
- https://static.usrfiles.com/ugd/b48b60_36ba5272657245bfbc31fa2ed4ac7b13.pdf
- https://static.usrfiles.com/ugd/8cbfce_ade4ed8d94f84b9888a3df7fd6f4123f.pdf
- https://cdn.shopify.com/s/files/1/0427/6633/6166/files/88649965723.pdf
- https://cdn.shopify.com/s/files/1/0435/2750/4024/files/baxopokimuxivufuki.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000b0ab.binc52fe29067a281029fd922ed6a95e4eca581bfaad73fdfe6484a09eada237176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB0AB | 5232 bytes |
font_01_sfnt_off0000c28b.bin20475fd4d48ea8e90885b232d4d9a289f1f32740720e0af2a2971a922491bf3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC28B | 11736 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.