MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass of external links, many of which point to a redirector service. One such link, https://ttraff.ru/wix?keyword=superman+returns+pc+game+download+demo, is explicitly flagged as malicious and appears to be a lure for downloading a game. The document body, though heavily obfuscated, contains this URL, reinforcing its role in the attack. The presence of numerous links suggests a link farm or SEO poisoning tactic to distribute malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wix?keyword=superman+returns+pc+game+download+demo
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006a8b.bin bd8f874b5c783106a4ce3d1c63e62390e7a2ad0fe2e3f5a7adcedd1173628e78 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A8B | 5424 bytes |
| font_01_sfnt_off00007ce5.bin 420285c5b7f0c3e2343b1f93cf5340b4da502e160d8542035ca108f917df1cd6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7CE5 | 10144 bytes |
| font_02_sfnt_off00009f49.bin 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9F49 | 4324 bytes |