MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to the same domain (static.usrfiles.com), suggesting a link farm or redirection strategy. One of the primary links, 'https://ttraff.com/wix?keyword=basic+skills+in+interpreting+laborat', is flagged as a malicious redirector. The document body, though heavily obfuscated, contains this same URL, indicating it's the intended destination. The presence of numerous external links and a malicious redirector strongly suggests a phishing or credential harvesting attempt.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=basic+skills+in+interpreting+laborat
- https://static.usrfiles.com/ugd/3aee12_7c89a4da4bcd401ab33ea930d168a84c.pdf
- https://static.usrfiles.com/ugd/b8c837_fc7fd14f55584cf981a041432a1bc95e.pdf
- https://static.usrfiles.com/ugd/b8c837_5cdb85e260694944968d6c7e18b42741.pdf
- https://static.usrfiles.com/ugd/1f2646_e902c857bdba4264847fd1c12af32903.pdf
- https://static.usrfiles.com/ugd/b8c837_2144100e9be34a09ba9a82ea531e3fca.pdf
- https://static.usrfiles.com/ugd/b8c837_23d4e0d7390145788bea8d2e38bd1cc9.pdf
- https://static.usrfiles.com/ugd/b8c837_770bf3c3d14943f8bd9de74929a16c86.pdf
- https://static.usrfiles.com/ugd/5be868_554765883bbf400ca309674df398b5ee.pdf
- https://static.usrfiles.com/ugd/f63f29_2aa2b9be46714d419867b38f4a3d64e9.pdf
- https://static.usrfiles.com/ugd/de65f7_b4d33de397ff48668678e5dae26dd716.pdf
- https://static.usrfiles.com/ugd/b8c837_f66acebd9c5a44d2b41c188da780c883.pdf
- https://static.usrfiles.com/ugd/d162e3_e799532033594cd8a5284caf5748c8ef.pdf
- https://static.usrfiles.com/ugd/ae059d_805983a1b05449a6b92b8c5ef2455aae.pdf
- https://static.usrfiles.com/ugd/b8c837_99ab475b41a142b8b91bf48faf579473.pdf
- https://static.usrfiles.com/ugd/4725f1_af9069224935413abccb3cfaf68c3062.pdf
- https://static.usrfiles.com/ugd/b8c837_e0120433f8ed46b1b7e740f4ad7a52f0.pdf
- https://static.usrfiles.com/ugd/b8c837_ad9eae7bcf3b4f189219a120b63a11f9.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000a1f3.bin594037f3609fc1f17046f0c9566978e15f840c6e712b4edcd47f40bdefa9f224 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1F3 | 5352 bytes |
font_01_sfnt_off0000b42b.bin3704a381020510b9da6886292352489b0403af648c50be4151a393dee7cf0031 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB42B | 10944 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.