Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing indicating it links to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains the URL https://ttraff.com/wix?keyword=shrek+2+mp4+google+drive, which is likely intended to trick users into clicking through to a malicious site. The file also contains a large number of external PDF links, suggesting a link farm or SEO poisoning attempt.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs
- https://ttraff.com/wix?keyword=shrek+2+mp4+google+drive
- https://static.usrfiles.com/ugd/b8c837_6095cd605a4b43bca7bb6f59728d8c0f.pdf
- https://static.usrfiles.com/ugd/b8c837_425bd6552c5d45d7ad0710905ed22a1a.pdf
- https://static.usrfiles.com/ugd/b8c837_a6ac94d7694e49bdafb1d80a59324829.pdf
- https://static.usrfiles.com/ugd/b8c837_7aad1a7d4d234b7d821a4e902bbc6bbb.pdf
- https://static.usrfiles.com/ugd/b8c837_6ec1a1d830b44764a98a65e00688bf9c.pdf
- https://cdn.shopify.com/s/files/1/0438/5275/9200/files/10752175103.pdf
- https://cdn.shopify.com/s/files/1/0427/5775/0951/files/48963581473.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/30551251375.pdf
- https://cdn.shopify.com/s/files/1/0437/2388/2650/files/finepoxaxapejodusojedama.pdf
- https://cdn.shopify.com/s/files/1/0430/8323/5489/files/mitul.pdf
- https://static.usrfiles.com/ugd/b8c837_02d3e4587d254423a7fbd95ea432ab12.pdf
- https://static.usrfiles.com/ugd/b8c837_0fd2484c14884def85a5fb0ec61fbfc7.pdf
- https://static.usrfiles.com/ugd/de65f7_f07b630f31f54c9db1c616b907ef53dd.pdf
- https://static.usrfiles.com/ugd/b8c837_65e21b207f954b5aa20bf575f0bf44ab.pdf
- https://static.usrfiles.com/ugd/b8c837_13ee047d00e046cb88a652344cdcc94e.pdf
- https://static.usrfiles.com/ugd/b8c837_09714c9640e64a18a20a9b21644430a9.pdf
- https://static.usrfiles.com/ugd/8b2c09_ce9df6fef37a45a78cba9849b4c307b1.pdf
- https://static.usrfiles.com/ugd/d162e3_f35869faeb3a4fe1a76c12fb4211e346.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006ad7.bin | fc1ab741d246fa4b9cc44b9fe3183599b95f6e4cecf739d9d22475f762f1e141 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AD7 | 5432 bytes |
| font_01_sfnt_off00007d38.bin | be38186c9256ba0e64b07d34cca2e63b176d3ffd182ae4667a642b503e748fe0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D38 | 6148 bytes |
| font_02_sfnt_off00008d18.bin | a57a1daeaa89d9f7f3969880dee032814e860157e0412872cba27e95397cdf49 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D18 | 15440 bytes |