MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains multiple embedded links, with one heuristic specifically identifying a malicious redirector at 'https://ttraff.cc/wix'. Another heuristic indicates a link farm, with the primary link pointing to a Shopify domain. The document body, though heavily obfuscated, contains text related to 'blumberg forms free' and a URL, suggesting a lure. The presence of a callback phishing lure heuristic further supports the malicious intent.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=blumberg+forms+free
- https://cdn.shopify.com/s/files/1/0428/5346/6271/files/cubase_7_trial_activation_code_crack.pdf
- https://cdn.shopify.com/s/files/1/0435/5840/4245/files/34604920732.pdf
- https://cdn.shopify.com/s/files/1/0433/9941/3910/files/wubok.pdf
- https://static.usrfiles.com/ugd/79cb75_b325f87b27d14669a2ba26a328eaa0e5.pdf
- https://static.usrfiles.com/ugd/5af86b_a342c5e5dcfb4e7daba115d8bb3f27b3.pdf
- https://static.usrfiles.com/ugd/b8c837_24ede20650a348659a7f1e479947ac59.pdf
- https://static.usrfiles.com/ugd/b8c837_7f3cd09ffc994c1f9ca8a27c62383c76.pdf
- https://static.usrfiles.com/ugd/b8c837_ea6993ee717a4ae3825905e4c241461b.pdf
- https://static.usrfiles.com/ugd/b8c837_33b5473b48854912a814f3597e7a1539.pdf
- https://static.usrfiles.com/ugd/b8c837_8038d36d41934821ac87470cbef14c3d.pdf
- https://static.usrfiles.com/ugd/ea5d7b_a1cad248754a4cae8d737f85de533c20.pdf
- https://static.usrfiles.com/ugd/b8c837_02fdf7ef2b034ecda35f0a51f9c8da88.pdf
- https://static.usrfiles.com/ugd/b8c837_955a13aea1074fa1b367fd6c49cbe768.pdf
- https://static.usrfiles.com/ugd/f967ac_c06c80e409a248d5932462191a0d5889.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000732a.bin10c0029adce61a4eafb0a78da592a1889a1cd36f4d5cbea54cfbbf729d355e4a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x732A | 5124 bytes |
font_01_sfnt_off0000811e.bin774407dc71f382fcab1c518b8911bbf6ec3a4e3d3f9037b2279f64db71aeffcc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x811E | 5064 bytes |
font_02_sfnt_off00009248.bin6606a6120640dd6ee774b7a114627486ed115d1fbc5eddd4b2d42f6f192e3393 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9248 | 11700 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.