MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
A heuristic fired on a malicious redirector link in the PDF; the link is also present in the document body. This link is designed to lure users into clicking it, likely leading to a malicious download or further compromise. The file also contains a large number of embedded links, many of which point to benign PDF files, suggesting a link-farm or SEO-poisoning tactic to obscure the malicious redirector.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=polk+psw108+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004d3c.bin b619e1c6951c96ca3a2316fcd58c8089c0ac831aabe15bae5e44ef8cc3c35124 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4D3C | 5416 bytes |
| font_01_sfnt_off00005fb2.bin fc868f0a68a8b926bff5d844f74a3046723ddeee1bfb4bd4dac1bda92a073fca | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FB2 | 9980 bytes |