MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to ttraff.com. The document body, though heavily obfuscated, contains this URL and numerous other links to PDF files hosted on various domains, suggesting a link farm or redirection scheme. The primary intent appears to be directing the user to the malicious ttraff.com URL, likely for further exploitation or phishing.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=dormitory+design+guidelines
- http://files.whynotpromoshop.com/uploads/1/3/1/1/131164350/foboxokemugol.pdf
- http://files.partydoodle.net/uploads/1/3/1/6/131606128/230ee3e8eb905.pdf
- http://mefaweval.mmfadocents.com/uploads/1/3/0/7/130776728/7693055.pdf
- http://files.rhallamerican.com/uploads/1/3/2/6/132681336/bubej_notifarubarula_zomelekim_benaxowulaj.pdf
- http://files.lilubeauty.com/uploads/1/3/0/7/130738915/9558596.pdf
- https://cdn.shopify.com/s/files/1/0430/3696/7063/files/69859384482.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/zipepatijexozuzazes.pdf
- https://cdn.shopify.com/s/files/1/0434/3581/9173/files/99592991943.pdf
- https://cdn.shopify.com/s/files/1/0433/3325/5323/files/93298982908.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/25618010541.pdf
- https://cdn.shopify.com/s/files/1/0432/3255/9267/files/54852408665.pdf
- https://cdn.shopify.com/s/files/1/0431/9802/1793/files/certificate_of_origin_form.pdf
- https://cdn.shopify.com/s/files/1/0432/0709/8529/files/punarikofinufigoxe.pdf
- https://cdn.shopify.com/s/files/1/0432/7863/1072/files/19161806727.pdf
- https://cdn.shopify.com/s/files/1/0434/2684/0738/files/training_manual_template.pdf
- https://cdn.shopify.com/s/files/1/0431/4988/5606/files/19377471115.pdf
- https://cdn.shopify.com/s/files/1/0433/9118/9157/files/nachiketa_story_in_english.pdf
- https://cdn.shopify.com/s/files/1/0437/3839/8869/files/chaucer_canterbury_tales_middle_english.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006bae.bin0d72344784b1ffdea0313da4cebd5c9fd22cc2c7430b714bd929dd2342f8bf90 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BAE | 5036 bytes |
font_01_sfnt_off00007cc3.bine2c9ed963ecf7b4369b77d5e9e23cde3b63ad35b82cb76b7f86561f4fcaa11d6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7CC3 | 9880 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.