Malware Insights
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=m35a2+repair+manual'. Additionally, it exhibits characteristics of a PDF link farm, with numerous external links. The document body, though heavily obfuscated, contains the malicious URL and appears to be a lure, possibly related to a repair manual, to entice users to click the link. No scripts were extracted, but the presence of a malicious redirector and link farm strongly suggests a phishing or malicious content delivery attempt.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=m35a2+repair+manual
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000055dd.bin `f7f32f4d572b2392d429cbe183573e6f95e5ce35070e249b23dc583f38e2a4f4` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x55DD | 4904 bytes |
| font_01_sfnt_off0000665d.bin `6b730ec34837487760c2743c540584edeff2b1ba63d4b6987abfe7bc5ae0598f` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x665D | 14268 bytes |
| font_02_sfnt_off000092ac.bin `b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x92AC | 4324 bytes |