MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=lg+portable+air+conditioner+8000+btu+manual'. This URL is likely part of a phishing or scam campaign, using the guise of a product manual to entice clicks. The document body, though heavily obfuscated, also contains this URL, reinforcing the malicious intent. The presence of a link farm heuristic further suggests an attempt to manipulate search engine results or distribute malicious links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL:
- https://ttraff.me/wix?keyword=lg+portable+air+conditioner+8000+btu+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006418.bin 55700149152f589fe8fb15b8837011a79a3282e5f8af90f31efe604b5798e646 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6418 | 5632 bytes |
| font_01_sfnt_off00007725.bin c9268c9bcf445031121491096e8dd7897d171c85af99935299e9f0b1222617e7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7725 | 10568 bytes |