MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=car+meets+near+me+2018'. This indicates the document's primary purpose is to redirect users to a potentially harmful external site. The document body, though heavily obfuscated, also contains the same URL, reinforcing its role as a lure. The presence of a link farm heuristic further suggests a tactic to increase visibility or distribute malicious links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=car+meets+near+me+2018
- https://0889782a-1af8-447e-86d8-d67184ba20cf.filesusr.com/ugd/f09a9d_2dfa78b8d9dd42e7af11141c71c17330.pdf?index=true
- https://c474b840-bfa4-4342-97e5-c0e24eb459b8.filesusr.com/ugd/7a11b0_c7a3c4387515470cb28d9fb8b7670cc9.pdf?index=true
- https://a9e07a9e-73fa-42df-a2b8-c51fbdc44ed0.filesusr.com/ugd/ad8f3a_6da0c4489e6643ce961b059ef6d0bafe.pdf?index=true
- https://c7defcaa-d2d1-46a4-83bd-af965729e342.filesusr.com/ugd/7be1cd_83e4fbad7f3c42b489fba6c6b7cbcf4b.pdf?index=true
- https://d1dbec35-3be0-4ff4-868a-60885b2af537.filesusr.com/ugd/ed2d23_77bb91d361574a9ab6b486ead50f3b40.pdf?index=true
- https://cdn.shopify.com/s/files/1/0435/1649/3976/files/nojifapu.pdf
- https://cdn.shopify.com/s/files/1/0437/2663/5157/files/celeron_n4100_performance.pdf
- https://cdn.shopify.com/s/files/1/0484/9041/4241/files/56190308997.pdf
- https://cdn.shopify.com/s/files/1/0431/3491/0618/files/24041729785.pdf
- https://cdn.shopify.com/s/files/1/0429/7955/7529/files/dazerud.pdf
- https://cdn.shopify.com/s/files/1/0429/6074/8695/files/87108042414.pdf
- https://cdn.shopify.com/s/files/1/0434/8998/4678/files/pakipemajafebenamujurag.pdf
- https://585e3eae-62d0-48aa-bfae-f97dd5801fb1.filesusr.com/ugd/4bdc6d_3d1585b5a27a4df8b7a31b83f41bcb99.pdf?index=true
- https://efb96779-f7b0-48d7-bbd7-ec11d26a7fa0.filesusr.com/ugd/3c9ac1_9e21addb1f344f738d94fcb8a684bde9.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000a2dd.bina021098b7ad7d67c2a0f3ccda04a5b90964c8644c9c863ceba263dd3b1e07c6e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA2DD | 5224 bytes |
font_01_sfnt_off0000b47d.bin51ebeec29509b87aa858d500e37ac8853184703d07d1f913ce36d8e1dc7764c0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB47D | 1800 bytes |
font_02_sfnt_off0000bd0b.bin43e6604431a69e5427cb4a4275a86e1b6699b31ab2819e3225b63e308a08726a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBD0B | 10136 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.