MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link. The embedded URL, https://ttraff.link/wix?keyword=%25D9%2585%25D8%25A7+%25D9%2585%25D9%258A+%25D8%25B7%25D8%25A8%25D8%25B9%25D8%25A9+%25D9%2585%25D9%258A%25D8%25B2%25D9%2588%25D8%25AA%25D9%258A%25D9%2586%25D8%25AA+%25D8%259F, is identified as malicious and likely leads to a scam or phishing attempt. No scripts were extracted, but the presence of the malicious URL is sufficient evidence for this assessment.
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=%25D9%2585%25D8%25A7+%25D9%2587%25D9%258A+%25D8%25B7%25D8%25A8%25D8%25B9%25D8%25A9+%25D9%2585%25D9%258A%25D8%25B2%25D9%2588%25D8%25AA%25D9%258A%25D9%2586%25D8%25AA+%25D8%259F
- https://cdn.shopify.com/s/files/1/0437/8935/3117/files/34246268064.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/51220099535.pdf
- https://cdn.shopify.com/s/files/1/0441/2653/5832/files/song_hallelujah_by_funbi.pdf
- https://cdn.shopify.com/s/files/1/0433/8227/6257/files/como_se_realiza_un_estudio_de_mercado.pdf
- https://cdn.shopify.com/s/files/1/0432/1925/5454/files/dulajewowafegetudozaxi.pdf
- https://cdn.shopify.com/s/files/1/0435/9369/5391/files/abu_dhabi_tourist_map.pdf
- https://cdn.shopify.com/s/files/1/0430/4958/2743/files/nepeweloleworepez.pdf
- https://static.usrfiles.com/ugd/b8c837_85c083b6b0854b4e8345a9ec73436407.pdf
- https://static.usrfiles.com/ugd/9ff9b8_ca1411986aac4bd286a0edd80edc32f9.pdf
- https://static.usrfiles.com/ugd/1f5cef_e72b30ed032c413386bc18a9076a8d0e.pdf
- https://static.usrfiles.com/ugd/1e32c2_10256b1af383495c884905f745fbb205.pdf
- https://cdn.shopify.com/s/files/1/0434/6114/8836/files/consignment_accounting_questions_answers.pdf
- https://cdn.shopify.com/s/files/1/0431/9825/1165/files/59380021939.pdf
- https://cdn.shopify.com/s/files/1/0431/3153/5524/files/maxiv.pdf
- https://cdn.shopify.com/s/files/1/0432/1683/0632/files/perfect_answer_of_tell_me_about_yourself.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_008_off00024b3d.binfe1473eb9f3f1a9d0a528956213e03ebfafe247e7f4db23954a45a459effbc52 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x24B3D | 35380 bytes |
font_00_sfnt_off0001df8c.bin37a1a92b3f880774db0d3a6493996a985010c93858f3f43c0ed219cc4c6b3485 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1DF8C | 4152 bytes |
font_01_sfnt_off0001ee30.bin88b4df287869f8a87cfca73fa70e055f9c8c0ff4f418bc447a4fa7089e3d2d74 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1EE30 | 4068 bytes |
font_02_sfnt_off0001fc0f.binf2227425c764121f73852bf95d8534da468a658f118ce8c5d9ff0ceda6c5578d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FC0F | 17988 bytes |
font_03_sfnt_off000217b0.bin7f7a6aeaa4339027320a9ba7c5f250892796f1ccb4367fcd250157da1b6ec44b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x217B0 | 16848 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.