MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document contains a large number of embedded links, many of which point to external PDF files, forming a link farm. One prominent URL, https://ttraff.me/wix?keyword=holt+mathematics+answer+key+8th+grade, is identified as a malicious redirector. The document's content, though obfuscated, appears to be a lure related to educational materials, aiming to direct users to malicious infrastructure.
Heuristics 3
PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.

Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.

Embedded URL (info, EMBEDDED_URL)
One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://ttraff.me/wix?keyword=holt+mathematics+answer+key+8th+grade
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004a57.bin 1abb732ad8eb46f73f369d730255dc78c6f2b6ada52b5d651ed44d212817c893 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A57 | 5764 bytes |
| font_01_sfnt_off00005ddb.bin 890b9c48d77f1c49b30d8749eb793acd4147d852045bcc5bd05df23ca7b26021 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DDB | 11860 bytes |