MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm with 28 external PDF links, designed to direct users to malicious infrastructure. One of the primary links points to a known malicious redirector, ttraff.me, which is likely used to further obfuscate the final malicious destination. The document body contains garbled text but includes the target URL, suggesting a social engineering lure.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=buckeye+high+school+louisiana
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005a8e.bin 531ebd2c97b04c4aff46f3ff1ad1e2558dbe222c21076ee93dc73acb5b037711 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A8E | 4984 bytes |
| font_01_sfnt_off00006b81.bin 5e30e16e81c586f3fd33e5215d2dbd2f656d68f24ca533344df6aa917c9a549e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B81 | 10168 bytes |
| font_02_sfnt_off00008e66.bin 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E66 | 4324 bytes |