MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to `https://ttraff.com/wix?keyword=blaupunkt+idc+-+a09+manual`. This URL is presented within the document body, disguised as a manual title. The file also contains a heuristic for a PDF link farm, indicating a large number of outbound links, many of which are to benign-looking PDF files hosted on `static.usrfiles.com`. The overall pattern suggests a phishing or scam attempt using a lure document to redirect users to malicious infrastructure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=blaupunkt+idc+-+a09+manual
- https://static.usrfiles.com/ugd/b8c837_e11ca8e0172f4fe2b578c08cd5c2c96b.pdf
- https://static.usrfiles.com/ugd/b8c837_a1aa3331b76b4f1cab0b80ad2e97d24b.pdf
- https://static.usrfiles.com/ugd/6116da_3b8f58c66e534c3185bcff297e0c1f78.pdf
- https://static.usrfiles.com/ugd/5af86b_fa08b27242c0465caa737c3552d66f0f.pdf
- https://static.usrfiles.com/ugd/6cfc61_d0f4553549654230a387d0efbb523632.pdf
- https://cdn.shopify.com/s/files/1/0430/6590/1210/files/zaxaruzaladulul.pdf
- https://cdn.shopify.com/s/files/1/0436/1791/0946/files/fixivuvavagipefugi.pdf
- https://cdn.shopify.com/s/files/1/0440/1371/5606/files/digital_business_concepts_and_strategies.pdf
- https://static.usrfiles.com/ugd/b8c837_72020fa966ed421cae4e09872c55cac4.pdf
- https://static.usrfiles.com/ugd/bb13a2_f5b040b4c1ea4060a33b3eef6dd5e394.pdf
- https://static.usrfiles.com/ugd/b8c837_0b7ea52f661440188443e6796643502e.pdf
- https://static.usrfiles.com/ugd/b8c837_51de7105e05e4e798e6da468956b3eb4.pdf
- https://static.usrfiles.com/ugd/be19e1_969e6b175bea4909b38c86915b1a9d1e.pdf
- https://cdn.shopify.com/s/files/1/0448/9166/8647/files/tuzazajuliri.pdf
- https://cdn.shopify.com/s/files/1/0438/4188/0224/files/convert_html_to_angularjs.pdf
- https://cdn.shopify.com/s/files/1/0432/1958/3133/files/dikiboxewotamuwawi.pdf
- https://cdn.shopify.com/s/files/1/0431/5932/2778/files/ielts_vocabulary_words_with_synonyms.pdf
- https://cdn.shopify.com/s/files/1/0439/3782/4926/files/botones_sacarino.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e061.bin952fd05ac075db28d66a273bc410c2538e87f900f7e09d6913db23eec075c5bf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE061 | 5388 bytes |
font_01_sfnt_off0000f2b1.bin847443b0babe38a5c94e5ebdf09f5583c0c59be362a4da18677e81cc4b7cffe9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF2B1 | 15084 bytes |
font_02_sfnt_off000121af.binfce21d86c2b5faa43a5619d6c859002d414ef8720c10ef6ba746f045f1b0bfa7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x121AF | 16076 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.