MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a link farm designed to manipulate search engine results. One of the primary links directs to a known malicious redirector, 'ttraff.me', which likely serves as a lure for malicious content or further exploitation. The document body, though heavily corrupted, contains fragments of the target URL and references to 'wkhtmltopdf', suggesting it was generated programmatically.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: https://ttraff.me/wix?keyword=photo+grid+collage+maker+mod+apk
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008437.bin `b3260a8b27c40a1c9408c40b3dcfb9ec9ded560232013cbc1ca8de37ebb5a831` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8437 | 6588 bytes |
| font_01_sfnt_off000094b1.bin `7a85bae22a530bf014afc6055946106e0c29a586815f91e532899b0915b267af` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x94B1 | 5376 bytes |
| font_02_sfnt_off0000a6c6.bin `924bd63be9c93f484ab90d0168a88a5bd39e5774c7d2f720c7d2063bbaffe558` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA6C6 | 6012 bytes |
| font_03_sfnt_off0000bccc.bin `6b083e280368d6faf174a334f1bed3892f6fcfb0ff4be6837f4adcfe93bd1f7f` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBCCC | 10480 bytes |
| font_04_sfnt_off0000e0a1.bin `b2057a72422fbad866078cd0ce671fd972f551555d9f91c6ce62c9834d3f2135` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0A1 | 2620 bytes |