Malware Insights
The PDF file contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it redirects to a known malicious URL. The embedded URL, 'https://ttraff.club/wix?keyword=acids+bases+and+salts+quiz+answers', is the primary indicator of malicious intent. The document body, though heavily obfuscated, contains text related to 'quiz answers' and the malicious URL, suggesting a lure to a phishing or malware distribution site. The PDF_SEO_LINK_FARM heuristic indicates a large number of outbound links, further supporting the malicious redirection pattern.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://ttraff.club/wix?keyword=acids+bases+and+salts+quiz+answers
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00009789.bin 3639693bd27557a0fa5a51256c4f3af17b6b36ba6be4d62c518ca34c2521bc23 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9789 | 5332 bytes |
| font_01_sfnt_off0000a9ce.bin 45c4d7d2081464569d3a18e1206e48e62580ae65094ab7e60ad2f95c98854832 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA9CE | 10332 bytes |