MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a mass external link farm, with a critical heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK. The primary malicious URL identified is https://ttraff.cc/wix?keyword=ape+escape+3+ps4, which is likely used to redirect users to a malicious site. The document body, though heavily obfuscated, contains this URL, suggesting it's the intended lure. The presence of numerous links to static.usrfiles.com indicates a link farm strategy to improve search engine visibility for the malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=ape+escape+3+ps4
- https://static.usrfiles.com/ugd/ad2ade_73ebae154a664e8fbfb2990a12cca405.pdf
- https://static.usrfiles.com/ugd/79e0dc_d831c98720d44ad68ee81020e4c5f65a.pdf
- https://static.usrfiles.com/ugd/b8c837_c7721a74e7c04820b2f17953fdbb5f10.pdf
- https://static.usrfiles.com/ugd/3b7182_f317e745af0b420992018c176af0dc7b.pdf
- https://static.usrfiles.com/ugd/b8c837_0d9ce046bb1b4786b637b46bb18b8f29.pdf
- https://cdn.shopify.com/s/files/1/0436/9163/8934/files/tegevuvizowon.pdf
- https://cdn.shopify.com/s/files/1/0448/3586/4736/files/45598164098.pdf
- https://cdn.shopify.com/s/files/1/0435/9444/9055/files/english_arabic_dictionary_apk.pdf
- https://static.usrfiles.com/ugd/f7fbc8_2ea7c739eec84c93b0e6878e4746817d.pdf
- https://static.usrfiles.com/ugd/b8c837_ceb9385c38a94f67ae156edaa31c7a55.pdf
- https://static.usrfiles.com/ugd/d7ba0f_43e4a3a3e69b489c8f1c556157b4d7c1.pdf
- https://static.usrfiles.com/ugd/ade4e6_e0b539c75c6f47e3ba5179daa9c7984b.pdf
- https://static.usrfiles.com/ugd/bb13a2_df19989dd08d4dbfb787dccc868e65b0.pdf
- https://static.usrfiles.com/ugd/b8c837_0399333a34a74fe2886e000b8b12b952.pdf
- https://static.usrfiles.com/ugd/b8c837_46dc87ecc9b048e3a764ab1bcb320ec0.pdf
- https://static.usrfiles.com/ugd/b8c837_49215ce896c84ea9bc3c71259407e086.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://static.usrfiles.com/ugd/ad2ade_73ebae154a664e8fbf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006e27.bin03e4ebc799bc6b072eb42d412910ba293e139fbc721f16e680d2d2f6de021d48 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E27 | 5064 bytes |
font_01_sfnt_off00007fbe.bin9c05c3f8347b54ad3f92585c8826b8cdb452714a6e42cad569fe1a7fa03fd87d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FBE | 5040 bytes |
font_02_sfnt_off000090fb.bin1e07fad8eb1b988376fd5efda2d2ee7c531099f4447f20d559d266fc87185aa2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x90FB | 10300 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.