MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass of external links, a common technique for SEO poisoning or creating link farms. One of these links, 'https://ttraff.link/wix?keyword=2005+vw+jetta+gls+manual', is identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to a car manual, suggesting a lure to entice users to click the malicious link. The presence of numerous benign-looking PDF links from static.usrfiles.com likely serves to mask the malicious redirector.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=2005+vw+jetta+gls+manual
- https://washingtondc.craigsl
- https://static.usrfiles.com/ugd/b8c837_756280f7b4e343b4939720676291bbec.pdf
- https://static.usrfiles.com/ugd/e2f7e1_10e2533ba2304f988a58457dabd953ed.pdf
- https://static.usrfiles.com/ugd/01e791_c9d36df8097e498582981cbb85099fbb.pdf
- https://static.usrfiles.com/ugd/b8c837_eb8056e2478d4a9590e3d1a63ee3de1e.pdf
- https://static.usrfiles.com/ugd/b8c837_9c5e88d230c347a6a819567be00ac3b9.pdf
- https://static.usrfiles.com/ugd/b8c837_216199422f274026a51ee88479231818.pdf
- https://static.usrfiles.com/ugd/b8c837_b8ac8470e0cb42a2a898a88c7b77eccc.pdf
- https://static.usrfiles.com/ugd/b50c55_4ab1ceeb815e4839916f0209c7c20fdd.pdf
- https://static.usrfiles.com/ugd/b8c837_c56c23667a3c4f32b15b664030b16ee7.pdf
- https://static.usrfiles.com/ugd/b8c837_73d299d862fd4e2e9863d1280a5e008d.pdf
- https://static.usrfiles.com/ugd/b8c837_bebec2d79e4a49c6bd4768229736433d.pdf
- https://static.usrfiles.com/ugd/b8c837_62a5d968ecc846639d3de5cc1a6faf2a.pdf
- https://static.usrfiles.com/ugd/a64c8c_031313e8ae174a46a8b927fc561d68fb.pdf
- https://static.usrfiles.com/ugd/b8c837_2c72998f81a24045ab070bbb986368ff.pdf
- https://cdn.shopify.com/s/files/1/0432/0342/8510/files/rirojugexifonowep.pdf
- https://cdn.shopify.com/s/files/1/0437/4613/2129/files/orange_gradient_background_free_vector.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000051fd.bin6bcf0b237960911b1883dbc03e18c8be063e35858f6fd257d82c74e181d3a88c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x51FD | 5440 bytes |
font_01_sfnt_off00006484.bin019f8a37dad41105489da6afad836058394ac295ad664fe4a598eee4eebd0e0c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6484 | 12640 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.