MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.me/wix?keyword=daily+puzzle+answers+red+herring'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded links, some pointing to benign content but originating from a potentially malicious structure. The presence of a 'download button' heuristic further supports the lure-based attack pattern. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=daily+puzzle+answers+red+herring
- https://static.usrfiles.com/ugd/b85eb0_a384493a2cc74266b47494f0cc0dba82.pdf
- https://static.usrfiles.com/ugd/f34823_7f520e8026044562a217e90d1f91e824.pdf
- https://static.usrfiles.com/ugd/5ecadc_733344c7adbc4c6080151e5417ac20e0.pdf
- https://static.usrfiles.com/ugd/38eac1_3f68957052004c8697e9334746a54e2e.pdf
- https://static.usrfiles.com/ugd/4bb894_22e04b94d6554d828a8838b6350bc5b8.pdf
- https://static.usrfiles.com/ugd/575fb0_245fb03d53f84895aa8ef96ded78fac0.pdf
- https://cdn.shopify.com/s/files/1/0428/6559/0438/files/agenda_21_resumo.pdf
- https://cdn.shopify.com/s/files/1/0440/7335/3366/files/mofuribuwavuref.pdf
- https://cdn.shopify.com/s/files/1/0438/2969/0525/files/ordinal_numbers_in_words_1_100.pdf
- https://cdn.shopify.com/s/files/1/0432/8184/2341/files/approach_to_chest_pain.pdf
- https://cdn.shopify.com/s/files/1/0428/2771/0630/files/35405319203.pdf
- https://cdn.shopify.com/s/files/1/0429/9105/9097/files/7833200463.pdf
- https://cdn.shopify.com/s/files/1/0430/5115/5618/files/59458520141.pdf
- https://cdn.shopify.com/s/files/1/0431/1249/7312/files/29265863528.pdf
- https://cdn.shopify.com/s/files/1/0431/3012/6490/files/facies_del_pseudobulbar.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005966.bin994ef2cbd531e9ef38cb9f1b74e1d15a4708a9c56b354005c087e744cdc0bb0b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5966 | 5156 bytes |
font_01_sfnt_off00006af1.bin0237ef3cdfbf10e119df4f76bf541e8909df8f2ac95af3b21a992e593df0eff2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AF1 | 10316 bytes |
font_02_sfnt_off00008e41.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E41 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.