MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.ru/wix?keyword=libre+baskerville+bold+font'. Additionally, it exhibits characteristics of a PDF link farm, embedding numerous external links, with the primary one being 'https://static.usrfiles.com/ugd/31593d_4e75b44a50f7493cb5e4bc5b7a316160.pdf'. The document body, though heavily obfuscated, contains these URLs, suggesting the intent is to redirect the user to malicious infrastructure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=libre+baskerville+bold+font
- https://static.usrfiles.com/ugd/31593d_4e75b44a50f7493cb5e4bc5b7a316160.pdf
- https://static.usrfiles.com/ugd/f515ca_76b0faeca560422181e91006c8079196.pdf
- https://static.usrfiles.com/ugd/429b25_0ef6d66e959e4ba08464f0653835311a.pdf
- https://static.usrfiles.com/ugd/0d089b_5a3dacf754294277b81d7b5de24307d4.pdf
- https://static.usrfiles.com/ugd/a771bd_0ebcb37f74b94fa680e6261ca0e16510.pdf
- https://static.usrfiles.com/ugd/451a43_25476666df8f4f228253e73a33becf8f.pdf
- https://static.usrfiles.com/ugd/374ce0_91293b5d8f2045c6a6b3b5bc4e1b7dad.pdf
- https://static.usrfiles.com/ugd/b8c837_da29784fddc941709d1303eb22aad9c3.pdf
- https://static.usrfiles.com/ugd/7f16bd_20f3264af4514dd88540b1237a16c748.pdf
- https://static.usrfiles.com/ugd/b3bc21_8c46293855a8498e8a41dfed63afba4f.pdf
- https://static.usrfiles.com/ugd/01e791_8c27afe5231c4bb1964e4d26d19386ba.pdf
- https://static.usrfiles.com/ugd/f35da0_563233c61f9540e7ab7866a715f16c0a.pdf
- https://static.usrfiles.com/ugd/33ab24_bc9591c26b7b45638c22cfd46582a0ac.pdf
- https://static.usrfiles.com/ugd/13ae68_ae83784968294835bd148c2fa768fa24.pdf
- https://static.usrfiles.com/ugd/86319b_52e20632357d4c3b91217062b2852f92.pdf
- https://static.usrfiles.com/ugd/b8c837_a7d1e08b2b22426390614c8d885f4e7b.pdf
- https://static.usrfiles.com/ugd/850f07_e4eb5dc860904a43b6c4db0b4aa1bd8f.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off00009458.binae1b305a6dbc7d6931ac3697646c7b12351b5a2ca861c663fca64c0bd01ef7e8 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9458 | 18308 bytes |
font_00_sfnt_off00005dde.bin6eb71f8ce346d5806ca3784722a6532ede8a5b87daacad338f289f64c3438d02 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DDE | 5104 bytes |
font_01_sfnt_off00006f54.bin37b0ccd751ca1318cb4218ade354913d97c707a5e37ad38737166723b84d3819 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F54 | 10844 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.