MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, which points to 'https://ttraff.me/wix?keyword=character+reference+for+court+template+australia'. The document body, though heavily obfuscated, contains this same URL, suggesting the primary intent is to trick the user into visiting this malicious site. The file also exhibits characteristics of a link farm, with numerous embedded URLs, many of which are benign Shopify links, likely used to mask the malicious redirector.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL
- https://ttraff.me/wix?keyword=character+reference+for+court+template+australia
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006793.bin 6afd3847e58ff855946c4fbbe49203de010d4c4ba8bba00c43d9440612d41edb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6793 | 5160 bytes |
| font_01_sfnt_off000078f1.bin 2f2a60849f59456fa80d3dc384410bc43370944a294eb8adf9779084d6764ef6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x78F1 | 9800 bytes |