MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link farm and a specific malicious redirector URL, suggesting a phishing or scam attempt. The document body, though heavily obfuscated, contains the URL 'https://ttraff.me/wix?keyword=how+to+add+realistic+grass+roblox+2020', which is likely intended to lure the user into clicking it. The presence of numerous external PDF links further supports the link farm heuristic.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=how+to+add+realistic+grass+roblox+2020
- http://zagilaso.wildeaboutexploring.com/uploads/1/3/0/7/130776131/8130000.pdf
- http://files.myemdash.com/uploads/1/3/0/8/130813582/gekawunowovaf_jalumelu.pdf
- http://files.liveactionguideservice.com/uploads/1/3/1/8/131871568/4257493.pdf
- http://files.medinastreetvault.net/uploads/1/3/1/8/131871642/xazewajaw-mebom-rogulagoge.pdf
- https://95eb5f02-38b1-4855-9115-0bfa8f9db42a.filesusr.com/ugd/39a0fd_d353f69dd49c4c6babb106b265d83cda.pdf?index=true
- https://bda01b83-951e-493e-a705-0d78b89cb14c.filesusr.com/ugd/c8d394_702e980fde1e4ac7b386a7870c21ef5b.pdf?index=true
- https://0a8cd30a-c6c7-4c03-8970-5aab29f53294.filesusr.com/ugd/269bb8_dbe792bb7b0d47829b1b356d8d9486dc.pdf?index=true
- https://13bfa6d7-f724-44d4-b207-b7c8035ef9fc.filesusr.com/ugd/3225da_db7c5de134324905a79f790217a9dda1.pdf?index=true
- https://1d9b97aa-c428-46db-9e12-c6d11458ab5d.filesusr.com/ugd/e2c250_cd37ff778fb94a9bb49abc0e4901aa49.pdf?index=true
- https://b10eb0d4-1642-448b-a747-d0d794614b21.filesusr.com/ugd/2f3216_29efa12ff70646bb9757ac07e56e2c7e.pdf?index=true
- https://77c59716-c0ab-4001-b0e9-ff3ef2121ecd.filesusr.com/ugd/120874_80223dbb9b9840f19551bb335a7d8a23.pdf?index=true
- https://cf58b9a8-a71c-47e6-9cf1-20c2ae4efea1.filesusr.com/ugd/0789d5_d3efedc89e5d4a859dfff87633f5bd00.pdf?index=true
- https://0b79a2c2-73fa-44a4-ae2c-8f818a4e925a.filesusr.com/ugd/8a9bcc_bd768bfbd4424b7d89f0db57e1bfbf1f.pdf?index=true
- https://8ea90d07-57c4-4121-81f1-d74cfde6c253.filesusr.com/ugd/733c1f_31e1693afc884f798b71519d2165af48.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000725d.bin417c3b080a2d9e7b9f1f45d5102eaf828f7487324aab3392c01793c49f792f62 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x725D | 5644 bytes |
font_01_sfnt_off000085ae.bina9abce83b3c9b8150a7dbd25fb549467a6fe0a829b8a26bffe2fc9f6a5d4cacd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85AE | 10832 bytes |
font_02_sfnt_off0000aaf7.bina7b4dd60e9bd871edee5dd043bd46efc3b617de53f2c2bc8e43ba6e789cf49fe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAAF7 | 16772 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.