MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains a lure related to an electricity bill, directing users to a suspicious URL. The heuristic firings indicate it's a malicious redirector and part of a link farm, strongly suggesting a phishing or malware distribution attempt. The embedded URL 'https://ttraff.com/wix?keyword=bses+yamuna+electricity+bill' is the primary indicator of this malicious redirection.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Payment redirection / bank-detail change lure high SE_PAYMENT_REDIRECT_LUREDocument describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=bses+yamuna+electricity+bill
- https://static.usrfiles.com/ugd/b5472a_58625fc22428455285b9c4fc0a8971b0.pdf
- https://static.usrfiles.com/ugd/9a242c_02b7b852e9704f5eae35670c84db5d98.pdf
- https://static.usrfiles.com/ugd/906e9f_e4a83485657e435bbc078ba678450e35.pdf
- https://static.usrfiles.com/ugd/b8c837_cc37905c63864e108382a3c83f22ecf5.pdf
- https://static.usrfiles.com/ugd/455f95_ae2f576feb1e4104b69a44c334c2b290.pdf
- https://static.usrfiles.com/ugd/c1108c_d0c128269ef04f2b9cc9fd5edcfb4435.pdf
- https://static.usrfiles.com/ugd/d162e3_b307ba372e2841f2ad34efd3a35da38b.pdf
- https://static.usrfiles.com/ugd/e2f197_79b56abb7b6f4f06a4e5386c5315f1c7.pdf
- https://static.usrfiles.com/ugd/b50c55_72e0e0bd2aea46e297e98a2d699231b5.pdf
- https://static.usrfiles.com/ugd/225520_72df9986c66d44548d1e8731f79169db.pdf
- https://static.usrfiles.com/ugd/7f46b5_c19834b6d778483789e62a1eb91e716c.pdf
- https://static.usrfiles.com/ugd/08fe48_beb47b0247e14c39a057466533f653b6.pdf
- https://static.usrfiles.com/ugd/b42fd6_c5ca06dec18348bcab1072d5a3f9c71c.pdf
- https://static.usrfiles.com/ugd/58a813_052a87b9a7634bb88a4aa9fc471172ff.pdf
- https://static.usrfiles.com/ugd/a640e9_93c0d026e5854fd2b4e4bff039da6f91.pdf
- https://static.usrfiles.com/ugd/3f0e57_b0c8bfe5e4bc439abc100fd4aa6edfa8.pdf
- https://static.usrfiles.com/ugd/0dd040_453c3d22612f424298d06aa956386ffa.pdf
- https://static.usrfiles.com/ugd/3e9e83_6fcc1d07fe094fea8014f5ad1ecdb851.pdf
- https://static.usrfiles.com/ugd/dd4472_4d177dec33744429944b6a12a022ed86.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066ca.bin9a46631f2b39c197b27134a327c58e9d3bc692e96ae58cb5ed932dc17d6ed79b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66CA | 5236 bytes |
font_01_sfnt_off0000788c.bin00a9d718f9f0587c5ab63b2c67efa46bd67e5da0145406a2a4a95ddfa8b63952 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x788C | 10736 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.