Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link farm designed to appear as search results for academic materials, such as 'organic chemistry john mcmurry 9th edition answers'. The primary malicious link, https://ttraff.club/wix?keyword=organic+chemistry+john+mcmurry+9th+edition+answers, is identified as a known malicious redirector. The document's structure and embedded links suggest a social engineering tactic to drive traffic to potentially harmful sites.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=organic+chemistry+john+mcmurry+9th+edition+answers
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004f5c.bin (a7ff4f1bf2f891aa3b1446fc8d6f807d914bb77cf57584ee659f4bf46d75e55b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4F5C | 5776 bytes |
| font_01_sfnt_off000062e8.bin (ca966a450cc349bbbdadc445394d6ccfe056dbc1f79505cd21f76bc5a611f56b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x62E8 | 14104 bytes |