MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to its inclusion of a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. One of these links, 'https://ttraff.club/wix?keyword=south+african+wine+industry+information+and+systems', is flagged as pointing to known malicious redirector infrastructure. The document body contains garbled text and a repeated URL, further suggesting a non-legitimate purpose.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=south+african+wine+industry+information+and+systems
- https://static.usrfiles.com/ugd/b8c837_82978ccb474743e383af397d10f35d19.pdf
- https://static.usrfiles.com/ugd/cbe7f7_139ddadc17a34e57bd16a43a443f2347.pdf
- https://static.usrfiles.com/ugd/0f1814_05bb809ff34746ed85f9145094a246ce.pdf
- https://static.usrfiles.com/ugd/ae059d_82a91a1eb1b94070bb4fe0c41c8f4e5b.pdf
- https://static.usrfiles.com/ugd/38bf1f_9e38d765945749a5bde9bf46667de488.pdf
- https://static.usrfiles.com/ugd/1be480_6d19e3dcea314a03a8753500c72ed67d.pdf
- https://static.usrfiles.com/ugd/01e791_ae9621eab1b24dc592974d292343214e.pdf
- https://static.usrfiles.com/ugd/4bb894_90b44698853b4d61a8cba3a677b2add0.pdf
- https://static.usrfiles.com/ugd/e49726_dd345eeaf8b44a74831ad7211ec71872.pdf
- https://static.usrfiles.com/ugd/b8c837_1cd0c15b13944d3c8c0a7ccd19bb429c.pdf
- https://static.usrfiles.com/ugd/784815_9d5ec99b457741f3b484a239eb248954.pdf
- https://static.usrfiles.com/ugd/6f58fb_403d534e54244df58fe11e479cdbb9ad.pdf
- https://static.usrfiles.com/ugd/d43733_5c4e0c4692be4a00b50908a141821b75.pdf
- https://static.usrfiles.com/ugd/6fd45c_b505f51641114f4e8f3521cbf8dcf22b.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c5ba.binc32e747742e6394b37b04b2e9a48d5d53672232504aeb49e1371ab1baaa7323e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC5BA | 5408 bytes |
font_01_sfnt_off0000d7fe.bin242886dab481da812debe8f3f0cb8ad1d458e40f119274428e1edce0b7ab7a76 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD7FE | 10416 bytes |
font_02_sfnt_off0000fbac.bina542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBAC | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.