MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, pointing to `https://ttraff.cc/wix?keyword=avery+mailing+label+template+30+per+sheet`. This URL is likely used to deliver a malicious payload or redirect to a phishing site. The document also contains a large number of external links, many pointing to `static.usrfiles.com`, suggesting a link farm or SEO poisoning attempt to increase visibility. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=avery+mailing+label+template+30+per+sheet
- https://static.usrfiles.com/ugd/b8c837_ea4791ef89ca4ce79789d26a538d9868.pdf
- https://static.usrfiles.com/ugd/de60da_99eb1255c9cb4f7a945c084955ab170f.pdf
- https://static.usrfiles.com/ugd/0c4177_d14cc5d6ea564f2f888886ac53a39465.pdf
- https://static.usrfiles.com/ugd/b8c837_ee07d8dff7c54610bdfb3dfd0d904837.pdf
- https://static.usrfiles.com/ugd/32acb1_02a584113ee14f8fadd70d6f85d8743a.pdf
- https://static.usrfiles.com/ugd/a298ce_0fef6fe9a6f548398e22eea2ea3e30b8.pdf
- https://static.usrfiles.com/ugd/3aca14_86bf27ebe10543eeb06d58e00e53763e.pdf
- https://cdn.shopify.com/s/files/1/0431/0538/6657/files/ador_fontech_welding_electrodes_catalogue.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/kewosa.pdf
- https://cdn.shopify.com/s/files/1/0428/7420/8415/files/pejadoropixonarirega.pdf
- https://cdn.shopify.com/s/files/1/0440/1420/7134/files/93183345908.pdf
- https://cdn.shopify.com/s/files/1/0429/4773/9811/files/jenimudotolidavuluwidew.pdf
- https://static.usrfiles.com/ugd/b8c837_d135705168cd4abcae0b1b26b3c28bfb.pdf
- https://static.usrfiles.com/ugd/b8c837_b6119add9b6548a69bda4b1565afe2f1.pdf
- https://static.usrfiles.com/ugd/b8c837_4428a6865b444c5a8e2229b284c24979.pdf
- https://static.usrfiles.com/ugd/b910ae_4980e0732c524486b6100cb0d0829e27.pdf
- https://static.usrfiles.com/ugd/04e6f9_a38dd6a8ca7642fe8d19911f9c979281.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000639b.binacd150c958c00bb360b2df37e31ad5ab95ec70dfc3e780f5ef7877485d8cab1b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x639B | 5508 bytes |
font_01_sfnt_off0000761c.bin5b2683bbc3334414413d3bf51cc3846f5589ff801922fdd277c94b59b0274ec2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x761C | 10660 bytes |
font_02_sfnt_off00009a95.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A95 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.