MALICIOUS
176
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains embedded JavaScript and a link to a known malicious redirector. The document body and heuristics indicate a lure for an advance-fee scam, specifically requesting recovery secrets or private keys, and presenting a visual download button. The primary malicious URL identified is https://ttraff.me/wix?keyword=apprendre+actionscript+3+pdf.
Heuristics 6
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Recovery secret / private key request critical SE_SECRET_RECOVERY_LUREDocument requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=apprendre+actionscript+3+pdf
- https://static.usrfiles.com/ugd/238140_127df8474ffe48ab9ebc1621246460a8.pdf
- https://static.usrfiles.com/ugd/b8c837_1a5f92b248f644aebb64990e07b4a0b4.pdf
- https://static.usrfiles.com/ugd/09273f_f80872bd1c7140b49e4443a3b5d5f619.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/13503036424.pdf
- https://cdn.shopify.com/s/files/1/0430/8058/1274/files/9906893591.pdf
- https://static.usrfiles.com/ugd/455f95_b57ea7072a0a489687b236dd2befcbee.pdf
- https://static.usrfiles.com/ugd/bfbc46_7464759e3345486fa9642de6c19d1a26.pdf
- https://static.usrfiles.com/ugd/5af86b_292002b38e60421a9228ad0aed0f78b8.pdf
- https://static.usrfiles.com/ugd/957eb4_c2806a98a078437baa07a131e88b46e6.pdf
- https://cdn.shopify.com/s/files/1/0440/5824/7320/files/accounts_receivable_manager_job_description.pdf
- https://cdn.shopify.com/s/files/1/0440/0853/8262/files/12259292805.pdf
- https://cdn.shopify.com/s/files/1/0429/5232/7324/files/dictionary_of_psychology_free_download.pdf
- https://cdn.shopify.com/s/files/1/0443/4313/2316/files/general_awareness_for_rbi_grade_b_2020.pdf
- https://cdn.shopify.com/s/files/1/0430/7199/6053/files/37548429370.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0002b919.bin338398f28cae0d9aacc574fd2a1f7ef08f1e78f8b08542c20220c81c6a5261f3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2B919 | 5272 bytes |
font_01_sfnt_off0002cb16.binf21fb86621e827b9bbdeba3c0fa6fc6fc0ec948bca48cfd76536478e7cdbed23 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2CB16 | 16784 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.