MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1059.003 Windows Command Shell
T1204.002 Malicious Link
The PDF contains a lure instructing the user to copy and paste content into a command-line interface, which is a common technique for executing malicious commands. It also embeds a link to a known malicious redirector, `https://ttraff.link/wix?keyword=asus+tinker+board+android+root`, which likely serves as the initial stage for downloading further malicious content. The document also features a large number of embedded links, many pointing to `static.usrfiles.com`, suggesting a link farm or distribution mechanism.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=asus+tinker+board+android+root
- https://static.usrfiles.com/ugd/d55797_a930d0043fea4a25bf29034987032bce.pdf
- https://static.usrfiles.com/ugd/b8c837_116f9e7c5bb14586972edbc3ed1e0a6a.pdf
- https://static.usrfiles.com/ugd/e02969_40f8d526aed4446bac72e912a543dbb2.pdf
- https://static.usrfiles.com/ugd/d1c05f_005e8c1badd347b89f871d9f4ec69783.pdf
- https://static.usrfiles.com/ugd/3bf302_e55f4abe5da14ef2b7c7e4129f21d816.pdf
- https://static.usrfiles.com/ugd/21e6f2_cc5ddcf31e63471d9ce763c9ec24d33a.pdf
- https://static.usrfiles.com/ugd/b8c837_6714d82fa35f44c6a625d57ceb2ad1df.pdf
- https://static.usrfiles.com/ugd/599026_84b7d02dd8434666bba69ddf33dccd7e.pdf
- https://cdn.shopify.com/s/files/1/0461/8236/7386/files/71468870236.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/xigemeziguvego.pdf
- https://cdn.shopify.com/s/files/1/0433/1136/6309/files/relative_clauses_examples_with_answers.pdf
- https://cdn.shopify.com/s/files/1/0435/5499/6375/files/85080788276.pdf
- https://cdn.shopify.com/s/files/1/0432/9252/4702/files/basic_electrical_and_electronics_engineering_for_diploma.pdf
- https://cdn.shopify.com/s/files/1/0434/5656/1318/files/lulolukizupeforaripuro.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000744e.bin5865d2db603690f92eed89ea5470f14808e6d29687396b985ebe58200b536943 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x744E | 4232 bytes |
font_01_sfnt_off00008330.bine086fe46eb48557f7f8fbe36b428f33197ef05ed8ab2a19b7f87e9fae833a1d2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8330 | 4980 bytes |
font_02_sfnt_off0000942c.bin0c6a2723eee9c6d25e99f791bd1f69debb7b1a32fdc0815fccb7a86f02c595b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x942C | 10112 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.