MALICIOUS
200
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a malicious redirector link pointing to 'ttraff.com', which is associated with advance-fee scams and payment redirection lures. The document body, though heavily obfuscated, contains text fragments related to 'cheque book application form sbi', reinforcing the lure. The presence of a large number of external PDF links suggests a link farm designed to improve search engine ranking for malicious content.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Payment redirection / bank-detail change lure high SE_PAYMENT_REDIRECT_LUREDocument describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=cheque+book+application+form+sbi
- https://static.usrfiles.com/ugd/b8c837_252bb4464eba48129b44f48d3fa92da9.pdf
- https://static.usrfiles.com/ugd/69695d_be908a51e46f4984b120317755e9f23d.pdf
- https://static.usrfiles.com/ugd/0286dd_ee51f732dee24124be8f4b36162c9fc2.pdf
- https://static.usrfiles.com/ugd/bd5c68_333b02d8a7ae45db91efe20c6f745aec.pdf
- https://cdn.shopify.com/s/files/1/0438/4679/5424/files/46966875868.pdf
- https://cdn.shopify.com/s/files/1/0427/7764/1116/files/fugikutebip.pdf
- https://static.usrfiles.com/ugd/e7e4a0_ca4375914d404fc6864d04e3d24a35eb.pdf
- https://static.usrfiles.com/ugd/aff7ca_5870ccb4ea7549e180bf7cff72de9f0f.pdf
- https://static.usrfiles.com/ugd/362633_d889f83718114fc0ba988a607faebd73.pdf
- https://static.usrfiles.com/ugd/824332_cf6cd7a347ac4c5c8a3c4ab5cb859504.pdf
- https://cdn.shopify.com/s/files/1/0430/7822/1973/files/tosis.pdf
- https://cdn.shopify.com/s/files/1/0431/7849/2062/files/37517160850.pdf
- https://cdn.shopify.com/s/files/1/0434/6901/3158/files/noun_adjective_adverb_verb_forms.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009f4c.bina17885b4fd577e0298a64705d5055d2ac7c2363fd7008e9cf236b3df412a17d8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9F4C | 2828 bytes |
font_01_sfnt_off0000a946.bin5a8a43224a80467daa7a13bee8302d768223ac043d4ef4651d01a9cd4644c3d6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA946 | 5488 bytes |
font_02_sfnt_off0000bbca.binc00e7701561fb870d0df87b57a99693a9a9a9ea2fedb7352847fbc422a822387 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBBCA | 10516 bytes |
font_03_sfnt_off0000dfbc.bin6e3fbd491d8b71441998836ddca0d0c102716a221ea14f8143929167ad9a79b3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDFBC | 16164 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.