Verdict: MALICIOUS
Risk Score: 208
Malware Insights
MITRE ATT&CK:
- T1204.002 Malicious Link
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.link/wix?keyword=chrome+network+error++failed'. This, combined with the 'SE_BROWSER_INSTALL_LURE' and 'SE_CLICKFIX' heuristics, indicates a social engineering attack designed to trick the user into clicking the link, possibly to install malware or visit a phishing page. The document body, though heavily obfuscated, contains the same lure text and URLs.
Heuristics (6)
- PDF_MALICIOUS_REDIRECTOR_LINK (critical) - PDF links to known malicious redirector infrastructure: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- PDF_SEO_LINK_FARM (critical) - Small PDF contains mass external PDF link farm: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- SE_CLICKFIX (high) - ClickFix social engineering attack: Document instructs the user to press Win+R or paste a command into a terminal, consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly.
- SE_BROWSER_INSTALL_LURE (high) - Browser extension / update installation lure: Document tells the user to install a browser extension, plugin, viewer, or browser update to view content, a common social-engineering path for credential theft and malware installation.
- SE_DOWNLOAD_BUTTON (low) - Visual download / call-to-action button lure: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- EMBEDDED_URL (info) - Embedded URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://ttraff.link/wix?keyword=chrome+network+error++failed
- https://cdn.shopify.com/s/files/1/0431/9684/2142/files/sixekazojazoxuperixetim.pdf
- https://cdn.shopify.com/s/files/1/0432/9439/2485/files/cheshire_cat_blink_182.pdf
- https://cdn.shopify.com/s/files/1/0434/6127/9896/files/mamivulawivunas.pdf
- https://cdn.shopify.com/s/files/1/0429/3984/2719/files/bhagavad_gita_chapter_17_slokas_in_sanskrit.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/78992801071.pdf
- https://cdn.shopify.com/s/files/1/0431/8127/7345/files/ted_bundy_movie.pdf
- https://static.usrfiles.com/ugd/32777b_782fa811cada43a19b54d8e2597a1024.pdf
- https://static.usrfiles.com/ugd/b8c837_c92f4522ecec46d59c1ac33ac279b3f8.pdf
- https://static.usrfiles.com/ugd/4d935e_797557df3ed1427ba958fd1815d304c6.pdf
- https://static.usrfiles.com/ugd/805d2a_30f5cd49fcf14e3893173295c2416fc0.pdf
- https://static.usrfiles.com/ugd/3b47cb_c2b1eb81f9dd449bbbfcdf2de572a9c5.pdf
- https://static.usrfiles.com/ugd/5ecadc_7ad7bd0b24764eee90c6ddc63d471417.pdf
- https://static.usrfiles.com/ugd/b8c837_87867f904f92416a971679d2d6c552c6.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000064fe.bin | b3bf03e509809d4b11b1f036ccbc9add8e19b1e1a63ba5321fe5ced56440c14f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64FE | 5032 bytes |
| font_01_sfnt_off000075f9.bin | 72f2b8a77db97e31bc55f5000aed6e192870e0f79bbf408a19d0275e0a612cd6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75F9 | 10204 bytes |