MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1204 Malicious Link
T1204.001 Malicious Link: User Execution
The PDF contains a heuristic firing for a malicious redirector link, which is a common lure for phishing and malware delivery. The document body, though heavily obfuscated, contains the URL 'https://ttraff.link/wix?keyword=bangla+chaya+chobi+free', which is also flagged as a malicious redirector. The presence of numerous external PDF links suggests a link farm, likely intended to improve search engine ranking for malicious content or to distribute malware. The heuristic 'SE_BROWSER_INSTALL_LURE' indicates the document's text is designed to trick users into installing unwanted software.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=bangla+chaya+chobi+free
- https://static.usrfiles.com/ugd/229b11_27851532cd6a45858c07d4c7f30b3f8e.pdf
- https://static.usrfiles.com/ugd/51c472_aad0efbde4fe4fbca75df0abce4350ab.pdf
- https://static.usrfiles.com/ugd/b8c837_83ad02e8342748a0b678cbaf9724aadb.pdf
- https://static.usrfiles.com/ugd/ddb60a_2ddb77104a8644f5aad22d64ddd69462.pdf
- https://cdn.shopify.com/s/files/1/0464/9756/2776/files/amman_padal_hd.pdf
- https://cdn.shopify.com/s/files/1/0438/1720/5920/files/excel_vba_list_sheets_in_workbook.pdf
- https://cdn.shopify.com/s/files/1/0433/8316/0995/files/big_ideas_math_7th_grade_red_book.pdf
- https://cdn.shopify.com/s/files/1/0431/1734/6965/files/27662480896.pdf
- https://static.usrfiles.com/ugd/8b61cf_06e5f35bced64b37a4f2719202d41863.pdf
- https://static.usrfiles.com/ugd/238140_308f2695fbe5497386e75e3a714f1a46.pdf
- https://cdn.shopify.com/s/files/1/0429/5812/7270/files/vabufukitagitam.pdf
- https://cdn.shopify.com/s/files/1/0432/2014/0191/files/lelasezaxupovuzeje.pdf
- https://cdn.shopify.com/s/files/1/0433/4492/0734/files/82020732329.pdf
- https://cdn.shopify.com/s/files/1/0434/5911/7222/files/kendo_chart_tooltip_template_date_format.pdf
- https://cdn.shopify.com/s/files/1/0428/9832/5663/files/babigazawom.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006818.bin2d93db5fb54468c96f19088e21b30024d80f614fc0119ebb3c0a7390b490f821 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6818 | 5256 bytes |
font_01_sfnt_off00007a02.bin19b420cee97154e68887a7fd9021891ab273c2d909d0568cbbe1f5d6a7a0827f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A02 | 6720 bytes |
font_02_sfnt_off00009026.bin6184740555bed41d5044e352e96bbf149673c381348395ae205c61f7d3afa9cc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9026 | 10388 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.