MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=solid+state+electronic+devices+stree'. Additionally, it exhibits a PDF link farm pattern, with numerous links to external PDFs hosted on 'static.usrfiles.com'. The document body also contains the malicious URL, reinforcing the lure. The 'SE_CALLBACK_LURE' heuristic suggests a phishing or tech-support scam context.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=solid+state+electronic+devices+stree
- https://static.usrfiles.com/ugd/b8c837_7f3cd09ffc994c1f9ca8a27c62383c76.pdf
- https://static.usrfiles.com/ugd/b8c837_07761a20b169468d989b6dfce4f0a24c.pdf
- https://static.usrfiles.com/ugd/b8c837_1bc86fc5fac14d61b37474c2b72f5a14.pdf
- https://static.usrfiles.com/ugd/b8c837_ef9c58fd780d47ad954c7516dc40384f.pdf
- https://static.usrfiles.com/ugd/b8c837_ec5cedd48e114c2493038d81e44ebfea.pdf
- https://static.usrfiles.com/ugd/b8c837_7331cb75466f4d14ab4eec207a33c1d8.pdf
- https://static.usrfiles.com/ugd/b8c837_1276160a6c1640e9867112061de85892.pdf
- https://static.usrfiles.com/ugd/b8c837_50302e195d97412e80bf43dd01a2dd3b.pdf
- https://cdn.shopify.com/s/files/1/0439/1347/8312/files/fogavosamozuro.pdf
- https://cdn.shopify.com/s/files/1/0447/9015/3365/files/catalog_avon_c15_2020.pdf
- https://cdn.shopify.com/s/files/1/0431/3009/3728/files/12904900808.pdf
- https://static.usrfiles.com/ugd/b8c837_9626813987cf4cf2a2853db0e124cfbc.pdf
- https://static.usrfiles.com/ugd/b8c837_a9789247974e447ba1fc982efcc949e2.pdf
- https://static.usrfiles.com/ugd/b8c837_1de87f838e7b449388f40ad979f462a4.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://static.usrfiles.com/ugd/b
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006e36.binc85c5143eddc2d080f3f3f5dd7465615e1744fed053f7a0051669f1917cd7f1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E36 | 5096 bytes |
font_01_sfnt_off00007f94.binc31a81f3b1074367d8f96f9afcb1954178286d932abd6eee0bc66a286f1645ed |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F94 | 14940 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.