MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to `https://ttraff.cc/wix?keyword=2006+honda+civic+manual+transmission+rebuild+kit`. Additionally, another critical heuristic indicates a PDF link farm, with numerous external links, including `https://static.usrfiles.com/ugd/834936_671e0cff2ef047baafb46c2cc452d353.pdf`. The document body, though heavily obfuscated, contains text related to a '2006 honda civic manual transmission rebuild kit', suggesting a lure to entice clicks on the embedded malicious link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=2006+honda+civic+manual+transmission+rebuild+kit
- https://static.usrfiles.com/ugd/834936_671e0cff2ef047baafb46c2cc452d353.pdf
- https://static.usrfiles.com/ugd/32acb1_f5a2cc69ea224ac183ef406d20bcde7d.pdf
- https://static.usrfiles.com/ugd/e2c250_4756461fc66b47fe9013c2ed45a1af7d.pdf
- https://static.usrfiles.com/ugd/3e87bf_dfd872aa69384d2a8df954613f5d7918.pdf
- https://static.usrfiles.com/ugd/f8de3e_11ace995d1b84f018819cd6ce1510929.pdf
- https://cdn.shopify.com/s/files/1/0435/3038/7607/files/difference_between_vedic_and_buddhist_system_of_education.pdf
- https://cdn.shopify.com/s/files/1/0430/6593/3985/files/2017_ford_escape_owners_manual.pdf
- https://cdn.shopify.com/s/files/1/0438/6825/8469/files/livujepogiwipebad.pdf
- https://static.usrfiles.com/ugd/e3c460_e438dd4faae04e27b6379fcb8032b818.pdf
- https://static.usrfiles.com/ugd/b8c837_4d2c3bb36f12404e811aa3ac48835d09.pdf
- https://static.usrfiles.com/ugd/b8c837_de3c9db0f874497da0122ed0da29be62.pdf
- https://static.usrfiles.com/ugd/ce14f3_e128f845a5304e52a37e67d4c4e4c556.pdf
- https://static.usrfiles.com/ugd/ce14f3_055386793bf54433b64da5b26b53a1af.pdf
- https://static.usrfiles.com/ugd/b8c837_a14da25cc78048a3a60dba82ab30c952.pdf
- https://static.usrfiles.com/ugd/ade4e6_a5ef5b58582d4ea59f58753099eadeb6.pdf
- https://static.usrfiles.com/ugd/b8c837_8b7f2b0c200b401ea62610955f037079.pdf
- https://static.usrfiles.com/ugd/b8c837_31acf244f30c48d9ba84016a7ceea100.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000067cc.bin591319a03e0b2ab2b2058012c20dd2e4d33dd89c9c639741540767e046fd19bf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x67CC | 5776 bytes |
font_01_sfnt_off00007b34.bin126932b8170d3a06e7620e9185d967cba6a57aa034670099cfd810c17c650793 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B34 | 10164 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.