MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.link/wix?keyword=limitless+html+template'. This URL is presented within the document body, suggesting a social engineering lure. The PDF also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to 'static.usrfiles.com'. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.link/wix?keyword=limitless+html+template
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f3fc.bin 3290295957b8229ff20e2e1ab8479a200e2f4f6cbcfda87756a6066d0d82d8dd | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3FC | 4904 bytes |
| font_01_sfnt_off00010482.bin 4c45331251ab36e01a5613674ae867c41c817e42355ebf1ebac0e6c0191485da | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10482 | 15680 bytes |