MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged for containing a malicious redirector link and a large number of external links, indicating a link farm. The primary malicious URL identified is https://ttraff.me/wix?keyword=she+was+a+phantom+of+delight+line+by+line+explanation. The document body contains garbled text and embedded URLs, further supporting the malicious intent of redirecting users to potentially harmful sites. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=she+was+a+phantom+of+delight+line+by+line+explanation
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006e61.bin bb647dc113c991cf8896456c353ec88bf868a387c7137674eadce7bbd215d441 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E61 | 5864 bytes |
| font_01_sfnt_off00008253.bin 320cd59c990c150a5ab6a69ecb503032fc8b40a633cd9ec92f612e1b36338e61 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8253 | 10044 bytes |