MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1204.001 Malicious Link
T1566.002 Spearphishing Link
The PDF contains a link to a redirector URL, which is a common tactic for delivering malicious payloads or phishing pages. The document body, though heavily obfuscated, contains text related to a 'Grammarly premium free trial guide' and the malicious URL itself, suggesting a social engineering lure. The heuristic 'SE_BROWSER_INSTALL_LURE' further supports the idea that the document is designed to trick the user into performing an action that could lead to compromise.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=grammarly+premium+free+trial+guide
- https://static.usrfiles.com/ugd/c068f8_d09782db98404c8abcbb8b681267a7c3.pdf
- https://static.usrfiles.com/ugd/565485_cd0db9bb4015486f85fd06d787e8dc58.pdf
- https://static.usrfiles.com/ugd/76156b_f579fad62373432293181ad5066052dd.pdf
- https://cdn.shopify.com/s/files/1/0429/8424/3351/files/wifinupuda.pdf
- https://cdn.shopify.com/s/files/1/0437/7945/7175/files/2384279431.pdf
- https://cdn.shopify.com/s/files/1/0429/2195/1391/files/7175116832.pdf
- https://cdn.shopify.com/s/files/1/0437/9885/5840/files/blossoms_of_the_savannah_synopsis.pdf
- https://cdn.shopify.com/s/files/1/0429/2050/9596/files/47566212232.pdf
- https://cdn.shopify.com/s/files/1/0432/0706/5757/files/allegany_state_park_map.pdf
- https://static.usrfiles.com/ugd/b8c837_14d2ad49b4374aca9468dc11e86e9712.pdf
- https://static.usrfiles.com/ugd/b8c837_05d5040985d642f49455785083da860d.pdf
- https://static.usrfiles.com/ugd/b8c837_b15d50d21fc74e01b4827209e2ba98de.pdf
- https://static.usrfiles.com/ugd/63022f_bf1a74da54f54fcb9efb3fc75edc3fe2.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008b4d.bin4b0771e0083bc850cfde70bf6c3d2d70943d66cb8d5a8463bf2eecf257d6aa0f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B4D | 5316 bytes |
font_01_sfnt_off00009d55.binb90db19c2f777b7dc0b707ba2317d3983e4e68eda5e0f6ca056e06946e48e157 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D55 | 2484 bytes |
font_02_sfnt_off0000a7f3.binbfe94750a5a1da45d8bfe3e6861608fdb7a07d15ac997892cd8b6549ee4f7009 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7F3 | 10520 bytes |
font_03_sfnt_off0000cc23.bin5297616c16cab8b8db9ff150c57c2dcd6090fc77da665c347ad08242b93024bc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC23 | 16704 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.