MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a redirector URL, which is a common technique for delivering malicious payloads. The document body and heuristics suggest a lure related to scholarship information, aiming to trick users into clicking the malicious link. The presence of multiple external PDF links also indicates a link farm, likely for SEO poisoning to increase visibility of the malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=5th+scholarship+answer+sheet+pdf
- https://static.usrfiles.com/ugd/ca300b_6a95daa8421a42e8a141193cc995fc29.pdf
- https://static.usrfiles.com/ugd/4117a9_3bf08e5101b24a1893ae023c45e10a7f.pdf
- https://static.usrfiles.com/ugd/225520_ca4c2f7bbd7d4e91b11ad768f9677474.pdf
- https://static.usrfiles.com/ugd/277b62_7719fa6757cc4d2fad5b66b177df3175.pdf
- https://cdn.shopify.com/s/files/1/0437/6926/6333/files/gegekolezik.pdf
- https://static.usrfiles.com/ugd/83e24f_1bbe00f79d324a6bbc5b538a1b0c61e0.pdf
- https://static.usrfiles.com/ugd/b8c837_741b7f6a61d14d2093375e09dc85b30b.pdf
- https://static.usrfiles.com/ugd/b5472a_f2a3e5726faa4c90bfa8b86beda12589.pdf
- https://static.usrfiles.com/ugd/4d935e_1056680e8bbc450ab860dc8c53d0d8b2.pdf
- https://static.usrfiles.com/ugd/b8c837_3425ea3cae1047a7a6a250a5698b0591.pdf
- https://static.usrfiles.com/ugd/16a96a_343629da1ecc41e1a095caa46013f71b.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000071c0.bin607f50fd2b16f4aa3a32d0e84969cb3ba0d6de62ca7acdacdd91de5a8c34b2ba |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x71C0 | 5152 bytes |
font_01_sfnt_off00008342.bina7c194c348f4bc26aad06ae1fa1eadf76503a3aca856ff80314c3d87a816eea9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8342 | 3720 bytes |
font_02_sfnt_off00008ea2.binc029f12b946edde39971108d83c3bc2f7593d30960cf826f71903492c84e6b0a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EA2 | 10684 bytes |
font_03_sfnt_off0000b2b3.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB2B3 | 4324 bytes |
font_04_sfnt_off0000c0b3.binba8a45c138bb858120b03cdc91c699730589e673bb8f8a6fbf679527cd578f97 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC0B3 | 7336 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.