MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, many of which point to a redirector service. The primary malicious link identified is https://ttraff.cc/wix?keyword=ima+brave+frontier, which is flagged as a malicious redirector. The document body appears to be obfuscated or corrupted, but the presence of a link farm and a malicious redirector strongly suggests a phishing or malware distribution attempt.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=ima+brave+frontier
- https://static.usrfiles.com/ugd/b8c837_3b0faf57070d4187bef536e0dec52e7e.pdf
- https://static.usrfiles.com/ugd/f0f215_7d6686d3d4e04a4ebf690382397f4a17.pdf
- https://static.usrfiles.com/ugd/7ea8bb_ace6671b93cf45a494d32da7abbbb498.pdf
- https://static.usrfiles.com/ugd/73f3b0_0f43a06321d747398b62bff07227cad5.pdf
- https://static.usrfiles.com/ugd/1e4819_622e3b379084449c9671f590b3d8a4ba.pdf
- https://cdn.shopify.com/s/files/1/0430/9480/2581/files/bafixalifiwipekiguwiwori.pdf
- https://cdn.shopify.com/s/files/1/0433/1274/2550/files/83010869499.pdf
- https://cdn.shopify.com/s/files/1/0431/7564/1247/files/pufimusukimoke.pdf
- https://cdn.shopify.com/s/files/1/0430/4021/1105/files/10878859711.pdf
- https://cdn.shopify.com/s/files/1/0429/5049/2316/files/7540847508.pdf
- https://cdn.shopify.com/s/files/1/0433/7205/2643/files/70919607217.pdf
- https://cdn.shopify.com/s/files/1/0433/4475/6901/files/gikigewiredopuzoxago.pdf
- https://cdn.shopify.com/s/files/1/0437/0182/9797/files/xumafexun.pdf
- https://cdn.shopify.com/s/files/1/0427/7701/8524/files/fozujajarakotal.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008299.bina7abb32187466f755d3a2117af27642b86551dda19782bd30ccae0440b117da3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8299 | 5020 bytes |
font_01_sfnt_off00009435.bin2b7edf0257365e16d308430b2a912e759e6dc78a75e19028bf91586c69b0390e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9435 | 4628 bytes |
font_02_sfnt_off0000a3cb.bin9191cc7502066f39e717437ffac717f8c246a82609407cf90685f55bfb2728b3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA3CB | 10540 bytes |
font_03_sfnt_off0000c813.bine9fe716c2abc985b12a899a49d5539e4e8be1b56d50c083b30290d85a2a7c848 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC813 | 16092 bytes |
font_04_sfnt_off0000dcdb.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDCDB | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.