MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a malicious redirector link disguised as a download for movie files. This link points to 'ttraff.link', which is known malicious infrastructure. The document also contains a large number of external PDF links, many of which are benign, but the primary malicious link is the critical finding. The presence of a visual download button further supports the lure.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=angamaly+diaries+movie++400mb
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/24501063531.pdf
- https://cdn.shopify.com/s/files/1/0428/5458/0390/files/gitanjali_gems_balance_sheet.pdf
- https://cdn.shopify.com/s/files/1/0435/8694/5187/files/ignition_temperature_of_fuels.pdf
- https://cdn.shopify.com/s/files/1/0431/4506/8699/files/figakobofofe.pdf
- https://cdn.shopify.com/s/files/1/0438/6249/1286/files/fish_biryani_recipe_in_tamil.pdf
- https://cdn.shopify.com/s/files/1/0431/7279/0427/files/canon_in_d_acoustic_guitar_tab.pdf
- https://static.usrfiles.com/ugd/b8c837_374079b2775b4614b91333ce9e794495.pdf
- https://static.usrfiles.com/ugd/7c3584_c8afe9844ccf4bf39e934b67169db145.pdf
- https://static.usrfiles.com/ugd/b8c837_f5f08c09417a4dd1b0fbff13dde06744.pdf
- https://static.usrfiles.com/ugd/b4609a_2ba883d55b36465ab18b0bdf23b3d501.pdf
- https://static.usrfiles.com/ugd/d775a9_1ebf329c3f994e8882b98b93c4050254.pdf
- https://static.usrfiles.com/ugd/de02f3_f3d7fbc3424142fdbca6388572fbbdd6.pdf
- https://static.usrfiles.com/ugd/b8c837_1410f3e0148a46feb1339822ff8d32aa.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004cb2.bin40d49edce31ad3647e046c5fee4b795277cff9158059149852de3f8e38872574 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4CB2 | 5668 bytes |
font_01_sfnt_off00005ff8.bin699a8b55e50cd80192193eb3832e3199d82edd581ff2a4f3bd3563cc6d5fef53 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FF8 | 20968 bytes |
font_02_sfnt_off00008028.bin0069fcdfb0d15a278d6261ba79e3a8ab1431e421449c0929a49ce00e9e70677c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8028 | 2276 bytes |
font_03_sfnt_off000089f5.binbbd32b120848cc426c2b87ae03f491e4328ba84974b3069932335d7474bf5e81 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x89F5 | 10364 bytes |
font_04_sfnt_off0000ad72.bin7be423a9975dd74696fa28cd46b52a55c3739f4a885228df3b07ea410fd2731b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAD72 | 2056 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.