MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains multiple embedded links, with a critical heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK and PDF_SEO_LINK_FARM. The document body, though heavily obfuscated, contains text suggesting a lure for 'the heartbreakers book pdf'. The primary malicious link identified is https://ttraff.link/wix?keyword=the+heartbreakers+book+pdf, which likely leads to a phishing or malware download site. The file's structure and link farm indicate a coordinated effort to distribute malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=the+heartbreakers+book+pdf
- http://files.sailingkenutu.com/uploads/1/3/1/0/131070116/malunad.pdf
- http://lopepol.lucascountyiowa.com/uploads/1/3/2/7/132740978/xiwexejudakosi.pdf
- http://files.uwle.net/uploads/1/3/1/4/131409909/lojemuzewal-rijinarude-xokoralagix-rimajunu.pdf
- https://cdn.shopify.com/s/files/1/0430/6803/1143/files/ammyy_admin_software.pdf
- https://cdn.shopify.com/s/files/1/0434/3801/4616/files/basic_calculus_grade_11_module.pdf
- https://cdn.shopify.com/s/files/1/0433/0654/9406/files/40197655625.pdf
- https://cdn.shopify.com/s/files/1/0432/6116/5723/files/79286185424.pdf
- https://cdn.shopify.com/s/files/1/0432/3672/0798/files/instagram_picture_er_online.pdf
- https://7e524d81-d9a4-47fe-b917-d3125f412eba.filesusr.com/ugd/bc0d1e_f8464d558a204600bec05347caa4f1a6.pdf?index=true
- https://aa94dc25-3a53-4105-9d89-a5705fa3ac24.filesusr.com/ugd/37987b_db919db7b01848bcb9cf2696580f2acb.pdf?index=true
- https://0304604b-ac81-4f5f-a5d4-b23b14b123dd.filesusr.com/ugd/b4609a_78b68b015fb841febe924d9ec1dd3edd.pdf?index=true
- https://0c08fe56-7f5a-424e-a1de-95b673bfac9a.filesusr.com/ugd/a3b54b_8e0c3552ee9b4025bfa3566eda92c9cc.pdf?index=true
- https://94aff95d-55d3-446c-b0c6-7efdb45c0e13.filesusr.com/ugd/bf650e_ccd98a6a714244e684ff5b7d9831d710.pdf?index=true
- https://dc6f7088-4565-4fc2-ad39-78c1295b93b4.filesusr.com/ugd/162fe6_71a9b76dc10d4ed79cac5a6d32775de6.pdf?index=true
- https://e3fe3f4f-5396-40a9-b6fa-4d332820dfd8.filesusr.com/ugd/ede58b_0172582d6115460ab22860197614f7c4.pdf?index=true
- https://c2b1e4b8-f39a-4779-bc83-2371d6b7401f.filesusr.com/ugd/4c1554_42cc625386cb48b892a213829db2c10e.pdf?index=true
- https://b2b4987b-2844-4a0f-9b12-6cf2307219cd.filesusr.com/ugd/8a4248_b9f66a45152b4eb0b719551cc929bd5a.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006df5.bin5a8f0c420be131be3b805736f9e141a9f31022dba50e37989ef3738c98ce322a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DF5 | 5248 bytes |
font_01_sfnt_off00007fc2.bin3ffe1d48f9210553c3220b2760349b26f81c6b46b9dd7dba82935801f6ec87a0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FC2 | 10416 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.