MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=dte+energy+power+outage+report'. This URL is likely part of a phishing or scam campaign, attempting to lure users with a fake report. The document body, though heavily obfuscated, contains references to the same malicious URL and a benign-looking PDF, suggesting a link farm or redirection strategy. The PDF also contains a large number of embedded links, many pointing to static.usrfiles.com, which is flagged as a link farm.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=dte+energy+power+outage+report
- https://static.usrfiles.com/ugd/e745be_c3ebc42114ba434aad4705adbb5ef9b7.pdf
- https://static.usrfiles.com/ugd/b65acf_b0df0588fc7c4d6882c5d978afc56f83.pdf
- https://static.usrfiles.com/ugd/df4650_7db6c628603b49b990719eaa5b3aecf9.pdf
- https://static.usrfiles.com/ugd/d90490_f08eaf2557714580aaf7a0897a19495c.pdf
- https://static.usrfiles.com/ugd/38eac1_93134ef4a2534b6aacbe7e48202009a6.pdf
- https://static.usrfiles.com/ugd/08fe48_b9a73b471119443d995a94c40b1fb168.pdf
- https://static.usrfiles.com/ugd/0c268c_68c0b7deead24ea9897cebc3bf912deb.pdf
- https://cdn.shopify.com/s/files/1/0437/1723/0741/files/20333889360.pdf
- https://cdn.shopify.com/s/files/1/0429/3830/2630/files/49287457450.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/doworefobose.pdf
- https://cdn.shopify.com/s/files/1/0433/7532/9443/files/35825743551.pdf
- https://cdn.shopify.com/s/files/1/0429/3751/6191/files/job_er_full_form.pdf
- https://static.usrfiles.com/ugd/724fb5_ebc1fbfcc7814ba9826deba16d0e4f33.pdf
- https://static.usrfiles.com/ugd/b8c837_eb335737a47b4a68aba77d7ba136fa2a.pdf
- https://static.usrfiles.com/ugd/277b62_551eb8971f96464db65ab8e30a8e10f2.pdf
- https://static.usrfiles.com/ugd/565485_090080117af0490788d6491765f9f5ed.pdf
- https://static.usrfiles.com/ugd/b8c837_b88d344323bb46cabc741122bd7c87af.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000068fb.binb291209907cf9a538e6433179e90a292a4111d05e44de1451b591c7eec62ad3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x68FB | 4804 bytes |
font_01_sfnt_off00007976.bin6b1e6264c04b8ee75b3af4530ad17ed95fd7c967f2c0cb99fe8e3c02520c4a7d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7976 | 14964 bytes |
font_02_sfnt_off0000a81e.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA81E | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.