MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm and a malicious redirector link, indicating a phishing or social engineering attempt. The document body, though heavily obfuscated, contains text suggesting a lure for a 'Diablo 3 strategy guide'. The primary malicious URL identified is ttraff.cc, which is known to host redirectors. The file also contains numerous links to static.usrfiles.com, which appear to be part of a link farm designed to improve search engine ranking for malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=diablo+3+strategy+guide+pdf+free+dow
- https://static.usrfiles.com/ugd/b8c837_51bddcf388c84e22a194f1c8fe00d4a5.pdf
- https://static.usrfiles.com/ugd/b8c837_acba72f8c18149d89a5f6b0bc257f69b.pdf
- https://static.usrfiles.com/ugd/b8c837_3e2cb3b5b63e4742ab0fab769c7a8d8c.pdf
- https://static.usrfiles.com/ugd/b8c837_834b4f043556456aaa3fd29d90dcb026.pdf
- https://static.usrfiles.com/ugd/b8c837_1bb815f7052643ddb9520f07d89f548e.pdf
- https://static.usrfiles.com/ugd/b8c837_87d310fa013448ffb91548e2e9a5dae6.pdf
- https://static.usrfiles.com/ugd/b8c837_90469ef81c544b36abbc2934d9dec548.pdf
- https://static.usrfiles.com/ugd/b8c837_3811e37d0c8743cab2f69d7afb52ad4c.pdf
- https://static.usrfiles.com/ugd/b8c837_910e7a75e1584e87aaf707987ae68d13.pdf
- https://static.usrfiles.com/ugd/b8c837_9b3437ac93af4eedb579bd23c38eb787.pdf
- https://static.usrfiles.com/ugd/b8c837_c5e237eed91f44bcb7c667d4831e93a6.pdf
- https://static.usrfiles.com/ugd/b8c837_90cbdfe5e4e44502bfc36b782c597e03.pdf
- https://static.usrfiles.com/ugd/b8c837_175e6168f65b4591b5f64085f489e4f8.pdf
- https://static.usrfiles.com/ugd/b8c837_c28c53739d2646eeb379d4aa4200b4ea.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009c1b.binb04331930f45f3b88a9fb9afc50aa26d771db010ccbf3a9d0c958317d87848ea |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C1B | 5708 bytes |
font_01_sfnt_off0000afa6.bin35268abb273f29d43b89d2018cae5ea8bd39cc03530ae42d9aacfbc773bb7732 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAFA6 | 10172 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.