MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
A critical heuristic fired on the PDF, indicating that it links to a known malicious redirector. The document body, though heavily obfuscated, contains the URL 'https://ttraff.club/wix?keyword=right+triangles+worksheet+answers', suggesting a lure to a malicious site. The numerous other PDF links also point to a link farm or redirection strategy.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=right+triangles+worksheet+answers
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000065b4.bin 969af7284e196059f656db5f0906f53867b40eefb59192441d8de1027bf5fb6b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x65B4 | 5112 bytes |
| font_01_sfnt_off00007729.bin 1e53ac2ac0efaa2dfd62fbf80d4065755eedaf2d09d72c84b46ad0a85bca7f68 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7729 | 10520 bytes |