MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a malicious redirector link and is part of a link farm, indicating a phishing or scam attempt. The heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly suggests the document's content is designed to trick users into believing they have won a prize or are due a payment, requiring them to take further action. The embedded URL 'https://ttraff.ru/wix?keyword=java+1.+7+0+25' is flagged as malicious and likely serves as the initial lure to a scam page.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=java+1.+7+0+25
- https://cdn.shopify.com/s/files/1/0434/0298/5622/files/passleader_az_103.pdf
- https://cdn.shopify.com/s/files/1/0432/9478/5704/files/chaitan_bharadwaj_songs.pdf
- https://cdn.shopify.com/s/files/1/0428/4717/4812/files/vilena.pdf
- https://cdn.shopify.com/s/files/1/0431/2816/0417/files/computer_application_in_e_business.pdf
- https://cdn.shopify.com/s/files/1/0462/6507/3818/files/modifying_comparatives_and_superlati.pdf
- https://static.usrfiles.com/ugd/314c35_385a77edb30d4b57af67e1e959a3c79f.pdf
- https://static.usrfiles.com/ugd/11276f_177fa82f14ec4d14a6346bf771548de3.pdf
- https://static.usrfiles.com/ugd/de3d83_432424922ca44835840744569ed1e8af.pdf
- https://static.usrfiles.com/ugd/9e53d4_c768e019f08446ef876f9708af67d3cc.pdf
- https://static.usrfiles.com/ugd/739437_cf4466260cda4c4593554d3934f497fc.pdf
- https://static.usrfiles.com/ugd/b8c837_b041ac1fa0734b61ac7897a9a6a53e66.pdf
- https://static.usrfiles.com/ugd/d017d5_0f22ac1350784295abf2b0df102c5bd9.pdf
- https://static.usrfiles.com/ugd/b8c837_7d5abccfc9204656b8b2e684fdb2f274.pdf
- https://static.usrfiles.com/ugd/5af86b_d9ddf3a2e9c244149f39865249abcf77.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010767.bin53b90bc5349d9d8f114572d296327fd2762a7fa0d475cf03eaa88619e4af162b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10767 | 4984 bytes |
font_01_sfnt_off00011892.binf9032e6707a5f72c7f06c3adf0e793dd8a812756c689d4ca119419644dee261e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11892 | 11316 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.