Malware Insights
The PDF contains a link to a known malicious redirector, which is designed to obscure the final destination. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of links, likely for SEO poisoning or to host further malicious content. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic suggests the document's purpose is to trick the user into downloading a password-protected archive, a common tactic to bypass gateway security. The embedded URL 'https://ttraff.link/wix?keyword=email+html+form+results' is the primary indicator of this redirection chain.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=email+html+form+results
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006640.bin 5b7f9892e402092fd64b44e26d29a966cb09fb6e449a87750ebd341aa603990a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6640 | 4964 bytes |
| font_01_sfnt_off000076ef.bin ef921e7c0aff65a622cb7902fb86c458de6eef1121b4680537736bf56eaee883 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76EF | 10944 bytes |