MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a mass of external links, including one that redirects to a known malicious domain. The document body, though heavily obfuscated, contains text referencing "Adobe after effects template free" and a URL that appears to be a lure. The primary malicious URL is https://ttraff.club/wix?keyword=adobe+after+effects+template+free, which is likely intended to lead the user to a phishing or malware download page. The PDF also contains a large number of links to static.usrfiles.com, which are likely part of a link farm to improve search engine ranking for the malicious lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=adobe+after+effects+template+free
- https://static.usrfiles.com/ugd/b8c837_4882addf254c45429f8ddd300ca1c29a.pdf
- https://static.usrfiles.com/ugd/b8c837_881cf17a5c4749aba71450fa4b908378.pdf
- https://static.usrfiles.com/ugd/7820d0_f36428ae17ef40ac96a7193fb4d0a168.pdf
- https://static.usrfiles.com/ugd/185c00_e4ee937b3db14444a047bd5fba23d9ca.pdf
- https://static.usrfiles.com/ugd/6240f8_a8556b2b81aa48909fb06ca752733c93.pdf
- https://cdn.shopify.com/s/files/1/0457/5857/8852/files/pathfinder_campaign_setting_inner_sea_races.pdf
- https://cdn.shopify.com/s/files/1/0437/7749/1105/files/japanese_drama_download.pdf
- https://cdn.shopify.com/s/files/1/0435/6957/8147/files/89640447142.pdf
- https://cdn.shopify.com/s/files/1/0433/4521/5637/files/papedimofanij.pdf
- https://static.usrfiles.com/ugd/ab63e3_835ff408da1e4dd6a5f3d52a27b14a0f.pdf
- https://static.usrfiles.com/ugd/4d935e_09de8f397ff9414594a1b00a296f2953.pdf
- https://static.usrfiles.com/ugd/b8c837_3d11e7ab723e474db2ac34467a97e171.pdf
- https://cdn.shopify.com/s/files/1/0429/0415/8375/files/pibajidowovokikonudupepi.pdf
- https://cdn.shopify.com/s/files/1/0427/9291/1007/files/36288349459.pdf
- https://cdn.shopify.com/s/files/1/0429/6402/5493/files/21935913347.pdf
- https://cdn.shopify.com/s/files/1/0429/8850/3203/files/35701506772.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006e90.bin34bfa2ec3518556c402b3a3a4d37526e477ba3091560d25d5047672942a0c614 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E90 | 5432 bytes |
font_01_sfnt_off000080f1.bin9597cb636eb27f99a2b663f607ef881809138de480f9f91192a0623a7f71834e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x80F1 | 10464 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.