MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic indicating it links to known malicious redirector infrastructure. The embedded URL, 'https://ttraff.com/pify?keyword=operating+budget+definition+pdf', is designed to redirect users to potentially harmful content. The document body, though heavily obfuscated, contains this URL, reinforcing the malicious intent. The file also exhibits characteristics of a link farm, with numerous external PDF links, suggesting an attempt to manipulate search engine results or distribute further malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=operating+budget+definition+pdf
- https://static.usrfiles.com/ugd/a44510_4ec90fa546c44afeb8b5c3572f2a7a88.pdf
- https://static.usrfiles.com/ugd/80bfa9_793e6433edeb4c2f916504778ed64b5f.pdf
- https://static.usrfiles.com/ugd/b11f6d_7093b697d71d4766ae164d5ed122fc73.pdf
- https://static.usrfiles.com/ugd/b8c837_19ee4eedaeb04954a20a3e07c9d8c732.pdf
- https://static.usrfiles.com/ugd/b8c837_de375d03be5b4531aae2a3e01fc7263c.pdf
- https://static.usrfiles.com/ugd/6d59ab_08a1502b42b048719eea856991ab4b5f.pdf
- https://static.usrfiles.com/ugd/6c032c_12bed4672427416c84165dfde7f3e536.pdf
- https://static.usrfiles.com/ugd/b8c837_d7abb618046a4f458bb58e871afd2125.pdf
- https://static.usrfiles.com/ugd/a2d007_a6c3e92e58194767b4a0d01d0691a152.pdf
- https://static.usrfiles.com/ugd/b8c837_96ea950b4b9c49b88412f97053ec8fae.pdf
- https://static.usrfiles.com/ugd/e3325f_3444332dc119481f8209185a62386002.pdf
- https://static.usrfiles.com/ugd/dd4472_22db143f15ad400885f8bb2828d3639c.pdf
- https://static.usrfiles.com/ugd/f84671_d0456467e5c24227afdf7201a408972a.pdf
- https://static.usrfiles.com/ugd/3e5d97_4e97de3dd44d48cd842309fa42323171.pdf
- https://static.usrfiles.com/ugd/e33828_0eb21b1ffc3f4b2792e5cf0f24376249.pdf
- https://static.usrfiles.com/ugd/b4f0c6_58283207f7d2472c9b10554e08e1692d.pdf
- https://static.usrfiles.com/ugd/913720_e235600013c844d8962bec323a96bbce.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://static.usrfiles.com/ugd/dd4472_22db14
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006605.bin6a89a8cce39b1e639bd739621a55e58e6383933e3544521854632fc119fabc18 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6605 | 5164 bytes |
font_01_sfnt_off0000779b.bin6dcef73e6f79a645065d3560cccf8463998cfd2c22a5053596d0fe7a88fb0cd9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x779B | 10300 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.