Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
A critical heuristic fired on a malicious redirector link in the PDF, pointing to 'https://ttraff.ru/wix?keyword=drakengard+3+trophy+guide'. This URL is the primary indicator of malicious intent. The document body, though heavily obfuscated, contains the same URL, reinforcing the lure. The large number of external PDF links suggests a link farm or SEO poisoning attempt to distribute the malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://ttraff.ru/wix?keyword=drakengard+3+trophy+guide
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00009b18.bin dc5ae9d47ddd72f9de4c1d34fc293db951e591b33b9d226565d79a799b33f041 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B18 | 26568 bytes |
| font_01_sfnt_off0000edf0.bin b5c0c7a4d69bc42bb6937c4d9cc5cd0a139c30c78f903e0b2725107de9588f44 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDF0 | 5340 bytes |
| font_02_sfnt_off0001002d.bin b0e4cacacbbad6f1d1b2ebcaa33b75b06cede4e239099ba24cb17b4eed7a78a7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1002D | 14452 bytes |