Verdict: MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file impersonates a cloud document sharing service to trick the user into clicking a link. The embedded link, 'https://ttraff.club/wix?keyword=manual+template+google+docs', is identified as a malicious redirector. The file also contains a mass external PDF link farm, with 'https://static.usrfiles.com/ugd/21b4a7_546d0062fa874a74b7d9cb959637cea8.pdf' being one of the linked PDFs. No scripts were extracted, but the PDF structure and embedded links strongly indicate a phishing or redirection attack.
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Cloud document impersonation lure (medium, SE_CLOUD_DOC_LURE): Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.club/wix?keyword=manual+template+google+docs
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash (SHA-256) | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006ca5.bin | 0ae119ee40fa71e598d9364b7ff78197f062de3e4a0c2ae586b5f22c7c3554a5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CA5 | 5136 bytes |
| font_01_sfnt_off00007e0a.bin | 57ee151181c82ebcf16140240b9f0a6ad2ac441719f8c94f4cf90013b6492f5c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E0A | 10292 bytes |
| font_02_sfnt_off0000a14a.bin | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA14A | 4324 bytes |