Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
A heuristic fired on the PDF for a malicious redirector link pointing to 'https://ttraff.cc/wix?keyword=caregiver+stress+scale+pdf'. The document also exhibits the characteristics of a PDF link farm: it embeds numerous external links, the primary one being the redirector. The document body, though heavily obfuscated, contains the malicious URL alongside other benign-looking PDF links, suggesting a lure to trick users into clicking the malicious link.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://ttraff.cc/wix?keyword=caregiver+stress+scale+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000065eb.bin 48e62cd2607a520ee1c848bf11cde37576cc193e9951d209f3f77ffc34dc621c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x65EB | 5288 bytes |
| font_01_sfnt_off00007803.bin 26911f2474b26aff372e8f3df3cdebc3759a11f3f21651a2f1e25fc3ae93e8e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7803 | 10364 bytes |