MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass external link farm, with many links pointing to static.usrfiles.com, and one critical link to a known malicious redirector at ttraff.cc. The document body, though heavily obfuscated, contains the URL https://ttraff.cc/wix?keyword=wow+bfa+ww+monk+guide, suggesting a lure related to a game guide to entice users to click the malicious link. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=wow+bfa+ww+monk+guide
- https://static.usrfiles.com/ugd/16a96a_ea55fabab9694824a0b13c4a5a622b0f.pdf
- https://static.usrfiles.com/ugd/f523c3_642f00722e9c4175ba1a843cf13817d9.pdf
- https://static.usrfiles.com/ugd/b0b521_e808f10b181f466f844a4bdf25c98d5c.pdf
- https://static.usrfiles.com/ugd/19103d_dfa3085feb224d97b2398498aae2d20c.pdf
- https://static.usrfiles.com/ugd/28b3f7_bbe9d9ba7475422aa08bab0219a84e71.pdf
- https://static.usrfiles.com/ugd/bf07b1_402033e6a4944c66b9316eb997bacc50.pdf
- https://static.usrfiles.com/ugd/10b11f_f75263f9c7c741249983f353bbf87cff.pdf
- https://static.usrfiles.com/ugd/15cd4d_7448dcf771f046eaa13a330ac645da07.pdf
- https://static.usrfiles.com/ugd/4dd980_d5644e60b1c245c09e749161fae9f191.pdf
- https://static.usrfiles.com/ugd/7f16bd_0dca036d93034fa2b9ccf4d738adc18b.pdf
- https://static.usrfiles.com/ugd/a42eed_9305bd833a0240de95fb55345f2bbfcd.pdf
- https://static.usrfiles.com/ugd/b8c837_3b4399643dd941bd8911c7d1ade3219b.pdf
- https://static.usrfiles.com/ugd/ccf397_2b4e946b565749e1b076cd74af20e2a1.pdf
- https://static.usrfiles.com/ugd/b8c837_c193e1e9e1414d5ea30560e1a7f364b9.pdf
- https://static.usrfiles.com/ugd/4b874d_433368ce76904814820cf3fa71b1203c.pdf
- https://static.usrfiles.com/ugd/b8c837_29d012bf2c4844658994e1a5db8f2014.pdf
- https://static.usrfiles.com/ugd/760101_7472442c74424ea8be538317ddad1f07.pdf
- https://static.usrfiles.com/ugd/b8c837_85f6f5ce8cc248e7a4413e0384b2d39e.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000073a2.bin3df23170754bf95dd945cb33326bce7261a65fc0058da3ba75b04eb1cdc162a9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x73A2 | 5232 bytes |
font_01_sfnt_off00008586.bin25d6fb339060445041526ec5717b8c2c61464a50f45ece14d5caced9e4c9c8c4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8586 | 12580 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.