MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic firing indicating a malicious redirector. The document body, though partially corrupted, contains text suggesting it is a 'science notebook chemistry matter and change workbook answer key', likely a lure to entice users to click the malicious link. The primary malicious URL identified is https://ttraff.me/wix?keyword=science+notebook+chemistry+matter+and+change+workbook+answer+key, which is designed to redirect users to further malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=science+notebook+chemistry+matter+and+change+workbook+answer+key
- http://files.gsfchristianacademy.org/uploads/1/3/1/4/131409090/bilego-batijemosoresi-kajefux.pdf
- http://bemiza.needleartsonpaper.com/uploads/1/3/0/7/130739723/tiwepobobawiwupimufe.pdf
- https://ac642be9-beb3-4b47-99b9-e359cb9600dc.filesusr.com/ugd/b1dabf_00445aa16800443bbeb5acfd07d9e7ff.pdf?index=true
- https://649ac4b8-ab15-4479-9486-6bde3b0187c5.filesusr.com/ugd/46bfb0_e276a496c0fe4b678f2e64b4907815f1.pdf?index=true
- https://1677ebac-d2fd-47a7-a451-2c3ee803dfe1.filesusr.com/ugd/5262df_c3b1c6cd74094401b42008c5b0befc68.pdf?index=true
- https://d1e321f8-67fa-4792-bb36-3121e95da98d.filesusr.com/ugd/694d5d_f2f7103445b74c2396afebcd2701b41c.pdf?index=true
- https://f8585f82-eb45-413b-82c9-69d1901fd3b4.filesusr.com/ugd/5a1791_4486aa608e164376a34dcba752d9db98.pdf?index=true
- https://96b9678a-2db7-4e8c-b12c-b05c21f79f93.filesusr.com/ugd/3b7182_81f6fc9b428448d38ff2b582137812b5.pdf?index=true
- https://c30dda13-3568-4891-9f90-f5946502bb87.filesusr.com/ugd/b14caa_cc1bc5f533da4a6584d3f3ae5603660a.pdf?index=true
- https://e9597e68-fe4d-4c6d-8df1-b8133856313c.filesusr.com/ugd/31593d_6dfd7ad87acb4c9ab8733a567b69de4e.pdf?index=true
- https://c198c451-c5f7-47cd-aa51-26ccbbd6b91d.filesusr.com/ugd/69695d_832d977bb29b40cb8dec7baf07cd38ea.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004373.binde8222f8f530f647717f98cd8ae67799d5f4160e55365fd514882c932d9de98c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4373 | 5824 bytes |
font_01_sfnt_off0000572d.bin82629d2b48028fe696fac4e8fa61e247a502a41d8af2a901b1d98943ef205953 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x572D | 9680 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.