Malware Insights
A heuristic fired on a clickable link to the known malicious redirector 'https://ttraff.cc/wix?keyword=leethax.+net+extension'. The file also matches a PDF SEO link farm: it is small yet carries many external PDF links, mostly clustered on one host. Its body text, although partially corrupted, reads as a lure to install a browser extension or update, which is what the 'SE_BROWSER_INSTALL_LURE' heuristic matches. Taken together, this is a social-engineering carrier that routes users through a redirect chain to malicious infrastructure, most likely for credential theft or malware delivery; none of the findings point to a parser exploit, so the risk is in following the link rather than in rendering the file.
Heuristics (4)

- PDF_MALICIOUS_REDIRECTOR_LINK (critical): PDF links to known malicious redirector infrastructure. PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- SE_BROWSER_INSTALL_LURE (high): Browser extension / update installation lure. Document tells the user to install a browser extension, plugin, viewer, or browser update to view content, a common social-engineering path for credential theft and malware installation.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.cc/wix?keyword=leethax.+net+extension
- https://static.usrfiles.com/ugd/b8c837_8f75cbe2ef9d4d4c8938b6be3df69f31.pdf
- https://static.usrfiles.com/ugd/10b11f_e4efddd44dd2457b8f798a24f245c50d.pdf
- https://static.usrfiles.com/ugd/3b0c81_a50cf61dfaa64789a7d47324ff41d82c.pdf
- https://static.usrfiles.com/ugd/b8c837_17a860dedf444e51891f04637412621d.pdf
- https://cdn.shopify.com/s/files/1/0433/8139/1514/files/reformas_borbonicas_sociales_de_la_nueva_espaa.pdf
- https://cdn.shopify.com/s/files/1/0438/1540/3682/files/startup_accelerator_business_plan.pdf
- https://static.usrfiles.com/ugd/4b7290_4326a9a464994996b758f117471189f6.pdf
- https://static.usrfiles.com/ugd/07625c_e80c6c2db5ad4c13bb9ea17c9929c887.pdf
- https://static.usrfiles.com/ugd/fd30ac_5e5ecb38d03244fa8ff198c7c21c949a.pdf
- https://static.usrfiles.com/ugd/80bfa9_dd5397ef482a4c308804cb9271316e20.pdf
- https://static.usrfiles.com/ugd/b8c837_fba0567a109a46a6868974efd7aa2b5e.pdf
- https://cdn.shopify.com/s/files/1/0429/0586/2307/files/77202990712.pdf
- https://cdn.shopify.com/s/files/1/0434/5223/5938/files/waruwewurugobol.pdf
- https://cdn.shopify.com/s/files/1/0428/5664/4774/files/7733473163.pdf
(The remaining six entries are RDF, Dublin Core and Adobe XMP namespace URIs from the document's metadata, not clickable links; they should not be counted toward the link-farm pattern.)
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
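The three heuristics above boil down to checks a practitioner can reproduce: pull the `/URI` targets out of link annotations, count external links per host against the file size, match hosts against a redirector blocklist, and scan the page text for an install/update lure. The script below is an added example, not the analyzer's own code. It reads only uncompressed PDF objects (a production scanner would inflate `/FlateDecode` streams and walk the object tree first), the thresholds and the one-host blocklist are assumptions, and the sample PDFs it builds are constructed for the demo, not the analysed file.

```python
"""Toy re-implementation of the three PDF heuristics in this report.

Added example, not the analyzer's own code. Reads uncompressed objects only;
thresholds, the blocklist and the sample documents are assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: illustrative blocklist, seeded with the redirector host from this report.
KNOWN_REDIRECTOR_HOSTS = {"ttraff.cc"}

# /URI (...) inside a link action; (...) Tj text-showing operators in content streams.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
TJ_RE = re.compile(rb"\(((?:\\.|[^\\)])*)\)\s*Tj")
LURE_RE = re.compile(
    r"\b(install|download|update)\b.{0,40}?\b(extension|plugin|add-?on|viewer|browser)\b",
    re.IGNORECASE,
)


def build_sample_pdf(urls, body_text):
    """Constructed minimal PDF with one /Link annotation per URL (not the analysed sample)."""
    annots = " ".join(f"{4 + i} 0 R" for i in range(len(urls)))
    content = f"BT /F1 12 Tf 72 700 Td ({body_text}) Tj ET".encode()
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        (f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
         f"/Annots [{annots}] /Contents {4 + len(urls)} 0 R >>").encode(),
    ]
    for u in urls:
        objs.append((f"<< /Type /Annot /Subtype /Link /Rect [72 72 300 90] "
                     f"/A << /S /URI /URI ({u}) >> >>").encode())
    objs.append(b"<< /Length %d >>\nstream\n%s\nendstream" % (len(content), content))
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, start=1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def _pdf_string(raw: bytes) -> str:
    """Undo the backslash escapes allowed inside PDF literal strings."""
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def extract_link_uris(pdf: bytes) -> list:
    return [_pdf_string(m) for m in URI_RE.findall(pdf)]


def extract_body_text(pdf: bytes) -> str:
    return " ".join(_pdf_string(m) for m in TJ_RE.findall(pdf))


def link_farm(uris, pdf_size, min_links=8, max_size=64 * 1024, cluster=0.5) -> dict:
    """PDF_SEO_LINK_FARM: many external links in a small file, mostly on one host."""
    hosts = Counter()
    for u in uris:
        p = urlparse(u)
        if p.scheme in ("http", "https") and p.hostname:
            hosts[p.hostname] += 1
    total = sum(hosts.values())
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / total if total else 0.0
    return {"fires": pdf_size <= max_size and total >= min_links and share >= cluster,
            "links": total, "top_host": top_host, "top_share": share}


def redirector_links(uris, blocklist=KNOWN_REDIRECTOR_HOSTS) -> list:
    """PDF_MALICIOUS_REDIRECTOR_LINK: any clickable URI whose host is on the blocklist."""
    return [u for u in uris if urlparse(u).hostname in blocklist]


def install_lure(text: str) -> bool:
    """SE_BROWSER_INSTALL_LURE: body text tells the reader to install/update something."""
    return LURE_RE.search(text) is not None


def analyze(pdf: bytes) -> dict:
    """Run the three checks and return which heuristic IDs fired, with evidence."""
    uris = extract_link_uris(pdf)
    text = extract_body_text(pdf)
    farm = link_farm(uris, len(pdf))
    redir = redirector_links(uris)
    fired = []
    if redir:
        fired.append("PDF_MALICIOUS_REDIRECTOR_LINK")
    if farm["fires"]:
        fired.append("PDF_SEO_LINK_FARM")
    if install_lure(text):
        fired.append("SE_BROWSER_INSTALL_LURE")
    return {"fired": fired, "uris": uris, "redirector_hits": redir, "link_farm": farm, "text": text}


# Constructed samples: the first mimics this report's pattern, the second is a benign control.
SAMPLE_URLS = (
    ["https://ttraff.cc/wix?keyword=leethax.+net+extension"]
    + [f"https://static.usrfiles.com/ugd/{i:06x}_sample.pdf" for i in range(6)]
    + [f"https://cdn.shopify.com/s/files/1/0000/files/doc{i}.pdf" for i in range(3)]
)
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS, "Install the browser extension to view this document")
BENIGN_PDF = build_sample_pdf(["https://example.org/paper.pdf"], "Quarterly report")

if __name__ == "__main__":
    for name, pdf in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        result = analyze(pdf)
        print(name, result["fired"], result["link_farm"])
```

The link-farm check keys on three things at once (file size, external link count, share of links on the top host) because each alone is common in benign documents; a bibliography PDF has many links but spread across hosts, and a one-page flyer has one host but few links. The redirector check is deliberately host-based rather than full-URL, since the `keyword=` parameter in the observed link is campaign-specific and will vary.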
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000057fc.bin | aba5d0fbc0f93a1459c65c6e1ec2f194d0586475dddf2dae56191a620b5eca6f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57FC | 4684 bytes |
| font_01_sfnt_off000067ef.bin | 019673f731608a27911a4ee3c6c7b3d823cd955d67fcaf028b9fb26931200cc8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x67EF | 9932 bytes |
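Each carved artifact above is reported as an offset, a byte length and a SHA-256, which is what a carver for sfnt (TrueType/OpenType) fonts produces: find the sfnt magic, read the table directory to bound the font, slice and hash. The script below is an added example, not the analyzer's own carving code. It assumes the font bytes are already uncompressed (in a PDF they usually sit inside a `/FlateDecode` stream, so inflate first), and the container blob, font tables and offsets it uses are constructed for the demo.

```python
"""Carve sfnt (TrueType/OpenType) fonts out of a raw byte buffer and hash them.

Added example, not the analyzer's carving code. Assumes uncompressed font
bytes and trusts the table directory to bound each font.
"""
import hashlib
import struct

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")
MAX_TABLES = 64  # sanity cap; a real font has a few dozen tables at most


def sfnt_length(buf: bytes, off: int):
    """Length of the sfnt at `off`, derived from its table directory, or None
    if the bytes at `off` do not look like a plausible sfnt header."""
    if off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 0 < num_tables <= MAX_TABLES or off + 12 + 16 * num_tables > len(buf):
        return None
    end = 12 + 16 * num_tables
    for i in range(num_tables):
        tag, _csum, t_off, t_len = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        if not all(0x20 <= b < 0x7F for b in tag):  # table tags are printable ASCII
            return None
        if t_off + t_len > len(buf) - off:  # table would run past the buffer
            return None
        end = max(end, t_off + t_len)
    return min((end + 3) & ~3, len(buf) - off)  # tables are 4-byte aligned


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def carve_sfnt(buf: bytes) -> list:
    """Return (offset, length, sha256) for each plausible sfnt found in `buf`."""
    found, pos = [], 0
    while pos < len(buf):
        hits = [i for i in (buf.find(m, pos) for m in SFNT_MAGICS) if i >= 0]
        if not hits:
            break
        off = min(hits)
        length = sfnt_length(buf, off)
        if length:
            found.append((off, length, sha256_hex(buf[off:off + length])))
            pos = off + length
        else:
            pos = off + 1  # magic bytes without a sane directory: keep scanning
    return found


def build_sfnt(tables: dict) -> bytes:
    """Constructed minimal sfnt: header, table directory, 4-byte-aligned table data."""
    n = len(tables)
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", n, 0, 0, 0)
    directory, body = b"", b""
    data_off = 12 + 16 * n
    for tag, payload in tables.items():
        directory += struct.pack(">4sIII", tag, 0, data_off + len(body), len(payload))
        body += payload + b"\0" * (-len(payload) % 4)
    return header + directory + body


# Constructed container: two fonts wrapped in PDF-looking filler (not the real sample).
FONT_A = build_sfnt({b"head": b"H" * 54, b"cvt ": b"C" * 10})
FONT_B = build_sfnt({b"OS/2": b"O" * 20, b"name": b"N" * 7, b"glyf": b"G" * 100})
PREFIX = b"%PDF-1.4\n7 0 obj\n<< /Length 112 >>\nstream\n"
MIDDLE = b"\nendstream\nendobj\n8 0 obj\n<< /Length 188 >>\nstream\n"
SUFFIX = b"\nendstream\nendobj\ntrailer\n%%EOF\n"
SAMPLE_BLOB = PREFIX + FONT_A + MIDDLE + FONT_B + SUFFIX
OFF_A = len(PREFIX)
OFF_B = OFF_A + len(FONT_A) + len(MIDDLE)

if __name__ == "__main__":
    for off, length, digest in carve_sfnt(SAMPLE_BLOB):
        print(f"sfnt at offset 0x{off:X}, {length} bytes, sha256 {digest}")
```

The directory walk doubles as a false-positive filter: four zero-and-one bytes or the ASCII string "true" turn up in arbitrary data, but a table count in range, printable tags and offsets that stay inside the buffer rarely do by accident. The hash is taken over exactly the carved span, so it is reproducible against another tool's output only if both bound the font the same way.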