Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=super+size+me+2+worksheet'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs. The document body, though heavily obfuscated, contains references to the malicious URL and other PDF files, suggesting a lure to external content. The primary intent appears to be directing users to a malicious site, likely for phishing or further malware delivery.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=super+size+me+2+worksheet
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000076ba.bin e4226c39c147b048d9316d6843bf4645e28b1312ced1c318558e66fa2dbd21fb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76BA | 5032 bytes |
| font_01_sfnt_off000087fb.bin 1992e13ed1cedc10acc2a848d65a6da68aad775a7185d05cfd6ab3530c55ab6b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x87FB | 10520 bytes |
| font_02_sfnt_off0000abfe.bin ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xABFE | 4324 bytes |