MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a malicious redirector link disguised as a 'Bsf payslip login'. This link points to 'ttraff.club', which is flagged as malicious infrastructure. The document also contains a large number of embedded links, many of which point to benign Shopify URLs, likely as part of a link farm to improve SEO for the malicious redirector. The presence of a 'download button' lure further supports a phishing or scam attempt.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=bsf+payslip+login
- https://cdn.shopify.com/s/files/1/0437/0844/8919/files/perianal_abscess_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0445/7873/4239/files/schiraldi_equilibrio_acido_base.pdf
- https://cdn.shopify.com/s/files/1/0428/7863/2095/files/consonant_blends_assessment.pdf
- https://static.usrfiles.com/ugd/7ea8bb_95ff4b31d78b43c2a5af85437b686c75.pdf
- https://static.usrfiles.com/ugd/2c8d66_c61d16bb9bad43c9a8414d1be6b9c4c5.pdf
- https://static.usrfiles.com/ugd/f1d680_15aebf1ebec043ceae594e1b7f46af31.pdf
- https://static.usrfiles.com/ugd/bb13a2_5b41805ba9ff4ee39a32d8f0d19fd1b9.pdf
- https://static.usrfiles.com/ugd/7be1cd_14ec343b6f614c9a8d5ad48b2b31c380.pdf
- https://static.usrfiles.com/ugd/83b1b3_6e3effeeacbc4084993abfb870fcb378.pdf
- https://static.usrfiles.com/ugd/b8c837_8afa378f9c414a4cad1c4fd2df8203d2.pdf
- https://static.usrfiles.com/ugd/b8c837_da67616249a94069aded818778114e0a.pdf
- https://cdn.shopify.com/s/files/1/0462/3545/1543/files/43699304454.pdf
- https://cdn.shopify.com/s/files/1/0454/2503/3372/files/canon_600d_manual_focus_tutorial.pdf
- https://cdn.shopify.com/s/files/1/0450/0983/0046/files/banking_sector_meaning.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006177.binad573128be89522acd14ab211594120e8c491372097b3013650fd15b9a34f238 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6177 | 4712 bytes |
font_01_sfnt_off0000718b.bindf10c9182d9689d7b4e5f3e5b3bbf3321414c443fe0774bd065b97ae66d9421e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x718B | 10120 bytes |
font_02_sfnt_off0000942f.bin1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x942F | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.