MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link that redirects to a known malicious domain, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains the URL 'https://ttraff.ru/wix?keyword=picosmos+tools+review', suggesting a lure for the user to click on a download or review link. The PDF_SEO_LINK_FARM heuristic indicates a large number of outbound links, many pointing to static.usrfiles.com, which is likely part of the infrastructure to host or distribute further malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=picosmos+tools+review
- https://static.usrfiles.com/ugd/362633_c389bba93be84104a2fa2fcf1e5050e9.pdf
- https://static.usrfiles.com/ugd/756799_db2c6a7c391240dc99c75447145433b9.pdf
- https://static.usrfiles.com/ugd/fe83c3_981e809ff20f4a36a1b0eb09997c25a3.pdf
- https://cdn.shopify.com/s/files/1/0437/6163/1389/files/excel_sum_function_across_multiple_sheets.pdf
- https://cdn.shopify.com/s/files/1/0432/6234/5384/files/focus_group_interview_guide_template.pdf
- https://static.usrfiles.com/ugd/432b07_377c9a6efcc04c56be70de8d14673b1e.pdf
- https://static.usrfiles.com/ugd/cc14e4_e1ed7b4860c34ab8aa40c16e96cb8e7d.pdf
- https://static.usrfiles.com/ugd/71fd01_7d7a54040c784d96a2795f4121892973.pdf
- https://static.usrfiles.com/ugd/a18aa6_7cbfc6d675da4385b35abdb904eb22b5.pdf
- https://static.usrfiles.com/ugd/b8c837_ff238bc9a5d74139b1572a6204f549ea.pdf
- https://static.usrfiles.com/ugd/b8c837_685c5de96c4c4fb7b9e312da8da0a627.pdf
- https://static.usrfiles.com/ugd/b8c837_a95941689db5425b9f4a0dd5103113fd.pdf
- https://static.usrfiles.com/ugd/b8c837_c207b765a0f34def87e54e84cc07233c.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005962.bin41ebe86ff38da33edd338bb2bde57910f166ed0e1a305169a766ac44473184c6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5962 | 4888 bytes |
font_01_sfnt_off000069f8.bin9d75541254c9eb191bb9537125e7702f359484bc06bf007b79be91ad80429e04 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69F8 | 9968 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.