MALICIOUS
168
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document contains a prominent link to 'ttraff.cc' which is flagged as a malicious redirector, specifically mentioning 'fl studio crack password'. The document also exhibits characteristics of a link farm, with numerous embedded URLs pointing to external PDFs. The presence of a 'password-protected archive handoff' heuristic suggests the document is designed to trick users into believing they need a password to access content, a common tactic to bypass gateway security. The overall goal appears to be delivering a malicious payload disguised as software cracks.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LUREDocument gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=fl+studio+crack+password
- https://static.usrfiles.com/ugd/b8c837_04df39916c0448b7893174574e4d757d.pdf
- https://static.usrfiles.com/ugd/b8c837_bb87d76275f6410396f818cfa8ea8907.pdf
- https://static.usrfiles.com/ugd/b8c837_9103ccc0c81647c68040e4b2ae5c9f27.pdf
- https://static.usrfiles.com/ugd/b8c837_fff4ad784f5a4d17bf498ad3557e0813.pdf
- https://static.usrfiles.com/ugd/e745be_144d66becc5a4e97b8d01d04f242d2f9.pdf
- https://cdn.shopify.com/s/files/1/0431/4251/2802/files/18715296208.pdf
- https://cdn.shopify.com/s/files/1/0428/4504/4892/files/python_data_analysis_example.pdf
- https://static.usrfiles.com/ugd/b8c837_6ae7a3b30e464cac819b16d734e8f7b0.pdf
- https://static.usrfiles.com/ugd/2f8cea_db1fd43991e24c2bb6a04e62f66be211.pdf
- https://static.usrfiles.com/ugd/b8c837_13281f00f0d746fb824f14a438d82bfa.pdf
- https://static.usrfiles.com/ugd/b8c837_5b0f340cbc6d40aa8891f4a2860b948b.pdf
- https://static.usrfiles.com/ugd/b8c837_68d2c8855b2a4a2b8bc2f4f02c9fc655.pdf
- https://static.usrfiles.com/ugd/b8c837_c080850913a1470aabe575ec17ed4d95.pdf
- https://static.usrfiles.com/ugd/b8c837_9431dcffb636424b802f7aac8940d8e2.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000720c.binc43ac0d7f6a7603fbe9eb8fff096e9e8440ca71d26ddbf5a383c3434268d2f71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x720C | 5176 bytes |
font_01_sfnt_off000083c8.bin098b95bab9b8e28b20ba93c4fe662fc638a19c3c114bfa6f937638e54a0b404c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x83C8 | 10888 bytes |
font_02_sfnt_off0000a924.binbf8f9ece8d9d74ce2d7a98a07ee1bb8f4056faf702b3b1702118181e85f1b939 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA924 | 16312 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.