MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.club/wix?keyword=manual+mosaic+glass+tile+cutter'. This link is presented within the document body, suggesting a social engineering lure to direct users to malicious infrastructure. The file also exhibits characteristics of a link farm, with numerous external PDF links, further supporting a malicious intent to distribute or redirect. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=manual+mosaic+glass+tile+cutter
- https://2b8e1504-cc84-4a94-acf5-835e6c3aba84.filesusr.com/ugd/1b9faa_0b4f9f007dcd4cb4998de52f7040119b.pdf?index=true
- https://71efe4b1-4083-4796-a3f7-6092dfc33199.filesusr.com/ugd/3bcfef_9ea189b758d44468af07be93f64e40cf.pdf?index=true
- https://5c73bf97-60d1-4075-984a-a500c0ddc98f.filesusr.com/ugd/d2759c_59144bd9dc8d42089ac8ed1822a78798.pdf?index=true
- https://cdn.shopify.com/s/files/1/0435/5103/1447/files/technical_theatre_resume_template.pdf
- https://cdn.shopify.com/s/files/1/0432/7181/5331/files/58979414673.pdf
- https://cdn.shopify.com/s/files/1/0433/8935/4149/files/hiren_s_boot_cd_15.1_usb.pdf
- https://d89e1f88-d516-4695-bc6d-fb07b191ac2c.filesusr.com/ugd/ccf397_42cebc681d0f4de2ab3a08328552c0ed.pdf?index=true
- https://6347e0f9-b5ae-4953-b24b-c00e4ad25d4c.filesusr.com/ugd/eda9ba_f6e39419675f4f43addb83755045b0c7.pdf?index=true
- https://683870b3-53df-4ee4-8b7c-dac589815ce3.filesusr.com/ugd/9117e0_e64c5bd84c144724a6bfc0fa161b807a.pdf?index=true
- https://29f764aa-9164-40e7-997f-4ff4faa1cc96.filesusr.com/ugd/bb05c1_ffa937e744dc4a019416de8c288f4f8a.pdf?index=true
- https://63a5476d-7326-4f23-83b5-0cbaad8b1ec3.filesusr.com/ugd/4ae4db_dcc5646e47f2436e8b76d04301318088.pdf?index=true
- https://cdn.shopify.com/s/files/1/0448/1590/9026/files/false_cognates_english_spanish.pdf
- https://cdn.shopify.com/s/files/1/0435/5401/3336/files/rogajagomuji.pdf
- https://cdn.shopify.com/s/files/1/0429/2119/7724/files/jimazef.pdf
- https://cdn.shopify.com/s/files/1/0429/7133/2767/files/vufafatekutaso.pdf
- https://cdn.shopify.com/s/files/1/0440/4976/0421/files/business_environment_class_12.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006dba.bin5a3ac05aaca3550a5324bacd5a46183b86113c13d5cd836d7ee8c7ec9c089f29 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DBA | 5124 bytes |
font_01_sfnt_off00007f1f.bin317aa4ad246aafb58fd210c3ca941e2f6a1836c04ff2f00122b306affc6bba3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F1F | 10208 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.