Verdict: MALICIOUS
Risk Score: 130
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link to a known malicious redirector, ttraff.cc, which is likely intended to deliver malware or lead to a phishing site. The document body contains text and links that mimic a download prompt, further supporting a social engineering attack. The presence of a large number of external PDF links suggests a link farm used for SEO poisoning or to obscure the final malicious destination.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=appbounty+mod+apk+2019
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000050f2.bin | 1e281fcb33946fa3e7269dd2277c364d6f4b2836c61cc14e7394737d03ccc3b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x50F2 | 5576 bytes |
| font_01_sfnt_off000063e6.bin | ad7d091a635cefa7a5fd1f8cf795f7e522f67229d2c1242efb15e17755887983 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63E6 | 11788 bytes |
| font_02_sfnt_off00008ad4.bin | cf997a249915ea872a93d601502fb79047c7298440021a53259ebc51affd3693 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8AD4 | 16096 bytes |