MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a known malicious redirector, ttraff.com, which is disguised as a download button. This suggests a social engineering lure to trick the user into visiting a malicious site. The PDF also contains a large number of external links, many pointing to static.usrfiles.com, which is flagged as a link farm. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=chaalbaaz+bangla+movie+free
- https://static.usrfiles.com/ugd/3c2969_3f273cb2ce1e41a694709209599cdd52.pdf
- https://static.usrfiles.com/ugd/b8c837_563c20ddf4b743918a3473b6aaa67e21.pdf
- https://static.usrfiles.com/ugd/834936_fbc7c5b2e4e849598bd9e6d6befbe7f3.pdf
- https://static.usrfiles.com/ugd/b8c837_09b453a9940544f2b6c67044e154fa97.pdf
- https://static.usrfiles.com/ugd/b98abb_28c3abd2212e416e952190ae9a508dbe.pdf
- https://static.usrfiles.com/ugd/46429b_3a1117c77c814afba4196b4fa573e1f6.pdf
- https://static.usrfiles.com/ugd/1cc7e8_e546c13049944b03af198000a96045c4.pdf
- https://static.usrfiles.com/ugd/b8c837_e205eb3363e2408e819946be9afc4edc.pdf
- https://cdn.shopify.com/s/files/1/0433/6232/0536/files/yayati_marathi_kadambari_download.pdf
- https://cdn.shopify.com/s/files/1/0437/8722/3198/files/namojugedapiz.pdf
- https://cdn.shopify.com/s/files/1/0429/9823/5289/files/renderitem_autocomplete_jquery.pdf
- https://cdn.shopify.com/s/files/1/0440/5451/1766/files/30780488254.pdf
- https://cdn.shopify.com/s/files/1/0431/2812/7637/files/tf2_medic_config.pdf
- https://cdn.shopify.com/s/files/1/0433/7418/2563/files/java_8_tutorials_point.pdf
- https://cdn.shopify.com/s/files/1/0429/7624/7971/files/detalenafi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000688c.bin5fc1a3b4e6741d7ee973ad0b50aeb3fe18cba1f6457577c5d488962cf9ff356c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x688C | 5156 bytes |
font_01_sfnt_off000079fd.binc5cc4c5f4291b4abcc16c8c5687a54341decec9700f1e6e5c065285c1e35cee5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79FD | 6480 bytes |
font_02_sfnt_off00008e8a.bin02fbc9eefad396c3744ab419bb61b9da43f3309af64662aa49e9b3feb46935be |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E8A | 14864 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.