MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many pointing to the same domain (static.usrfiles.com), which is indicative of a link farm. One prominent URL, 'https://ttraff.com/wix?keyword=csgo+free++steam', is flagged as a malicious redirector. The document body, though heavily garbled, contains text related to 'csgo free steam' and the URLs, suggesting a lure to attract users to potentially malicious content. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=csgo+free++steam
- https://static.usrfiles.com/ugd/8ab72e_aa5c315918a647a48bd60c53c0b8b7b5.pdf
- https://static.usrfiles.com/ugd/6c032c_b4e11828dd2e4913af34257c35a85f45.pdf
- https://static.usrfiles.com/ugd/90c678_52e60b1ca1bb48a48e90c7609d982941.pdf
- https://static.usrfiles.com/ugd/d1d005_bd6d13826e62496498a0c16bca5b6a2b.pdf
- https://static.usrfiles.com/ugd/b8c837_b15d50d21fc74e01b4827209e2ba98de.pdf
- https://static.usrfiles.com/ugd/daca0d_8a08945624eb4a80bcec511cf818c367.pdf
- https://static.usrfiles.com/ugd/b8c837_3788ef4b22f04e26b740a3afc9530709.pdf
- https://static.usrfiles.com/ugd/735189_7bb205a7220a44b0bb9b40ec1f53301d.pdf
- https://static.usrfiles.com/ugd/eda9ba_ce4d592bdcee4150a2ae2536ce8eaff6.pdf
- https://static.usrfiles.com/ugd/0f5b72_80a94e25462b4af88322dac30aaa36f4.pdf
- https://static.usrfiles.com/ugd/fbccce_ea3dc19a911342a9a212e88c139de073.pdf
- https://static.usrfiles.com/ugd/bb13a2_7f9e15fc612040a0beeb609176da4191.pdf
- https://static.usrfiles.com/ugd/ade4e6_7a996f7299ff471e9529d47c5c0c5eb9.pdf
- https://static.usrfiles.com/ugd/b8c837_3d441e442d24465d8a858796d771ab93.pdf
- https://static.usrfiles.com/ugd/3b7182_a350b01d869f4dfb92558566286dfea3.pdf
- https://static.usrfiles.com/ugd/b8c837_614a9fbf0c054cf2897bdc359360e45d.pdf
- https://static.usrfiles.com/ugd/b8c837_20cd28342c4c4789b321a1bce7b0533a.pdf
- https://static.usrfiles.com/ugd/5b5da7_dad2743ce40b4a249a4665c619a372d8.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000524e.bin16f0b9d1f047a4b6134cd961f20081930932ced3fe68a6e0c3f2d3a83daa34a8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x524E | 5228 bytes |
font_01_sfnt_off00006485.bin4528734e77dfdb038e7c85bd3ade3aaf398b0eb6d005f40a784a64f67a64bc51 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6485 | 4712 bytes |
font_02_sfnt_off0000748a.bin71ae1e87e24ff3dcdafa4dc30b1609df4aa67d7bdf226b50132f578fd70c7df4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x748A | 10084 bytes |
font_03_sfnt_off0000971b.bin0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x971B | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.