MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com'. This is further supported by another critical heuristic indicating a PDF link farm, with the primary link also leading to a potentially malicious domain. The document body contains a call-to-action phrase, suggesting a lure to trick the user into clicking the malicious link, likely to download further malware or phish for credentials.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=whatsapp+messenger++google+play+store
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000096f6.bin fc7f0c9e0e228a8cd6b543f127f69692e09d16531b6bcf2a922c49d36951af5a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x96F6 | 5088 bytes |
| font_01_sfnt_off0000a81d.bin 51445be4ec686031f2e4f0623cb9fd746497ff3bd3aa24f137cfe13613b40e4d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA81D | 3728 bytes |
| font_02_sfnt_off0000b72a.bin 45db825a20e925a264dc84547d1175a7d3900ad9a6a180b1f3be89ba92fcbb69 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB72A | 10400 bytes |
| font_03_sfnt_off0000daf6.bin 9d8fdd7190a9f7073a8cc87d2189da66030b007f3954a02b86e3271fc711d77e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDAF6 | 16420 bytes |
| font_04_sfnt_off0000f14b.bin cd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF14B | 4324 bytes |