MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to a critical heuristic firing for a malicious redirector link. It also contains a mass external PDF link farm, with many links pointing to static.usrfiles.com. The embedded URL https://ttraff.cc/wix?keyword=android+emulator+game+loop is flagged as malicious, suggesting it's a primary component of the attack. The document body contains garbled text but includes the malicious URL and several benign-looking PDF links, indicating a likely attempt to lure users to malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wix?keyword=android+emulator+game+loop
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000063d6.bin eba7ececeac6c560ce4ce9b81d46fb9cfd6052fad1046db7a9e0fa29500898da | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63D6 | 5088 bytes |
| font_01_sfnt_off0000750c.bin a73603b9d1f3637802968dae0c4ab4f5c98d6de36a7225664459ac503fb34a0c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x750C | 10128 bytes |