MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a domain known for malicious redirection. One such link, 'https://ttraff.cc/wix?keyword=castlevania+game+boy+advance', is explicitly flagged as malicious. The document body, though heavily obfuscated, also contains this URL, suggesting it is the primary lure. The presence of a link farm indicates an attempt to obscure the true destination or to generate traffic.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=castlevania+game+boy+advance
- https://static.usrfiles.com/ugd/b8c837_7bc36a9f5104486ca7fc52d0f3f10884.pdf
- https://static.usrfiles.com/ugd/b8c837_74faa0f4eac745aca4a6d1b746ea9940.pdf
- https://static.usrfiles.com/ugd/b8c837_0ff8e9464b7e449f957abea3bc35e932.pdf
- https://static.usrfiles.com/ugd/b8c837_62a7d0c0d7874b74b6a20286b1112f3b.pdf
- https://static.usrfiles.com/ugd/d01287_329369bfd853414c8813fe417e526b9e.pdf
- https://static.usrfiles.com/ugd/c618e9_37d21220e24544bbbc82a3c976280f9c.pdf
- https://static.usrfiles.com/ugd/b8c837_95c46a28cc36419e8c1291fe0b73c830.pdf
- https://static.usrfiles.com/ugd/ae15ca_7cac2674ac01442eacc269c14b218f33.pdf
- https://static.usrfiles.com/ugd/b8c837_de06e31410784dde8635aea42a71b47c.pdf
- https://static.usrfiles.com/ugd/4dd980_5eb15d7174cb4058a19fa488093ca779.pdf
- https://static.usrfiles.com/ugd/b8c837_6f776df66d0d40f7ade6c47fe730638f.pdf
- https://static.usrfiles.com/ugd/eda9ba_b02980bf932e41968a405149ea43ed45.pdf
- https://static.usrfiles.com/ugd/d162e3_8d938c6db2ea4e13b670309b90566c34.pdf
- https://static.usrfiles.com/ugd/b8c837_86d9ae27a821481aa156e7006b923e4a.pdf
- https://static.usrfiles.com/ugd/79cb75_43684708659b4937a5bf97f003e0c7d5.pdf
- https://static.usrfiles.com/ugd/b8c837_86fce33d88d24af9b0187d99524497b9.pdf
- https://static.usrfiles.com/ugd/e42ee3_75445e14b5244b1d8c855b4cac02f7c6.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000b2bc.bin1100d203fd78e28f13cf1f2911cbe836084a7fa733ee8751aa31223770eb7504 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB2BC | 7676 bytes |
font_01_sfnt_off0000ccac.binb500637a21b0b34f4f8646ce5d632f9320adabd2122232e18890a227efe1cfeb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCCAC | 5368 bytes |
font_02_sfnt_off0000dee5.binfe6d9a2229454954acb5462fa272484a9c6eaedc837558f0f167b69260a12d03 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDEE5 | 10976 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.