MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to a redirector service. The primary malicious URL identified is https://ttraff.club/wix?keyword=css+grid-+template-+columns+auto, which is likely used to direct users to a malicious site. The document body, though heavily obfuscated, contains this URL and other PDF links, suggesting a link farm or redirection tactic. No scripts were extracted, but the heuristic firings strongly indicate a malicious redirection attempt.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=css+grid-+template-+columns+auto
- https://static.usrfiles.com/ugd/3fc21f_7ae97df587d946b1994bb6cb4aafffcd.pdf
- https://static.usrfiles.com/ugd/0e2875_ab33efd64fc041329e532e1a58efa64e.pdf
- https://static.usrfiles.com/ugd/64d889_afb57e856f4d42b19bbdc6d2bf097657.pdf
- https://static.usrfiles.com/ugd/50988c_5418d4d4558748009e3032d84438fa29.pdf
- https://static.usrfiles.com/ugd/b8c837_f451828e6a5e4f59b1a49fcadbce9e02.pdf
- https://cdn.shopify.com/s/files/1/0436/7518/9401/files/zadimuvowadaposataxetu.pdf
- https://cdn.shopify.com/s/files/1/0430/5453/0709/files/sonemufuxopifa.pdf
- https://cdn.shopify.com/s/files/1/0436/5074/4478/files/milokisovi.pdf
- https://cdn.shopify.com/s/files/1/0432/0958/8897/files/tuxidovifubafito.pdf
- https://cdn.shopify.com/s/files/1/0432/5651/2676/files/1907337918.pdf
- https://cdn.shopify.com/s/files/1/0434/8854/2872/files/xebojuluvoxuwo.pdf
- https://cdn.shopify.com/s/files/1/0428/3754/1031/files/purojotitevajagaze.pdf
- https://cdn.shopify.com/s/files/1/0434/2474/3591/files/tejel.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/gijamibumiji.pdf
- https://cdn.shopify.com/s/files/1/0431/4392/1820/files/lujake.pdf
- https://static.usrfiles.com/ugd/738632_96405c4a856f4e139d13efb72a02e142.pdf
- https://static.usrfiles.com/ugd/4dded2_d74a2d076e644870ad8a464334dc61b9.pdf
- https://static.usrfiles.com/ugd/b8c837_e2bbc7df612f44b98b4b924f4a1a7a61.pdf
- https://static.usrfiles.com/ugd/2ca09c_19d21876b33645a598d33efc35ab9181.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006858.binffcc496cfc387da1ad2a339f0ec9478c237d1317bfe9c014d0d001a9fe673f92 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6858 | 5328 bytes |
font_01_sfnt_off00007a62.bin5b34f98c84cf52f7403347457b2aa00ddadc2548c7ec6bfb79d721f2fefc560b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A62 | 10364 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.