MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
The PDF contains a deceptive document body masquerading as a 'Bowflex hvt workout manual' and embeds numerous links. One critical heuristic identified a malicious redirector link, and another flagged a large number of external PDF links, suggesting a link farm. The primary malicious URL is https://ttraff.cc/wb?keyword=bowflex%20hvt%20workout%20manual, which likely leads to further malicious content or phishing pages.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=bowflex%20hvt%20workout%20manual
- http://files.adultlearningarch.com/uploads/1/3/1/3/131380138/02a00372e7.pdf
- http://files.ajeplanners.com/uploads/1/3/1/4/131406816/sifojopese_nidukuzinagimo_xutokajofuzi_roxurugar.pdf
- http://files.anamarielewis.com/uploads/1/3/0/7/130738755/2951266.pdf
- http://files.wildcatbands.org/uploads/1/3/1/8/131858287/45459ffdb04551.pdf
- http://files.peequality.com/uploads/1/3/0/7/130740090/rumaxo_buwibis_bepelu.pdf
- http://files.capecodhomelearners.com/uploads/1/3/1/6/131606864/139846.pdf
- http://files.bsapack1hk.org/uploads/1/3/2/7/132741555/5180853.pdf
- http://files.carolinastormhedgehogs.com/uploads/1/3/1/6/131637291/fanipewonosewagafuv.pdf
- http://files.mcgannonfitness.com/uploads/1/3/2/6/132696080/sajilu_gapiruxe_vulosafe_xizoz.pdf
- https://dafowamu.files.wordpress.com/2020/06/41377131919.pdf
- https://susawakixer.files.wordpress.com/2020/07/64841155304.pdf
- https://zapirad.files.wordpress.com/2020/07/fufute.pdf
- https://zitexop.files.wordpress.com/2020/06/milujus.pdf
- https://sisakapajaw.files.wordpress.com/2020/06/jusilejevotowotasekeri.pdf
- https://fimovare.files.wordpress.com/2020/07/dakoboginulijizato.pdf
- https://wotidabupef.files.wordpress.com/2020/07/xezowodudep.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/niborenegukudokeregus.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/45235944591.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/4274895189.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/xizijifopaxefiz.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006680.binab1122680f6c90f6a5c1cfe84b8586c86fa4149db2b103223907bf5a42f00c93 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6680 | 4996 bytes |
font_01_sfnt_off0000776f.bin72e364849da734abd89814ba8dabb0893fe59f0740db518fccf9fa6f3de551cb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x776F | 10480 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.