MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.cc/wix?keyword=bilinmeyen+adan%25C4%25B1n+%25C3%25B6yk%25C3%25BCs%25C3%25BC+epub'. This URL is likely intended to lead the user to a malicious site. The document also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to static.usrfiles.com. The presence of the malicious redirector suggests a phishing or social engineering attempt to direct users to harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=bilinmeyen+adan%25C4%25B1n+%25C3%25B6yk%25C3%25BCs%25C3%25BC+epub
- https://static.usrfiles.com/ugd/d01287_c4a78481f2a7464383cce7829d6466fb.pdf
- https://static.usrfiles.com/ugd/b8c837_3afd7d5d8d3d48d780e46f3371c6f3cd.pdf
- https://static.usrfiles.com/ugd/b8c837_6cc8e483236b4629a2d83a1a97a25f86.pdf
- https://static.usrfiles.com/ugd/451461_0fdf942ffc064819bc22de4d458202c5.pdf
- https://static.usrfiles.com/ugd/b8c837_d29ed62d444c44de8397e5e10c480ec2.pdf
- https://static.usrfiles.com/ugd/01bc73_bf642565a27347b59e3619be751aa94c.pdf
- https://static.usrfiles.com/ugd/9ff9b8_b69949cb959c4408b8e56032ba9bf86d.pdf
- https://static.usrfiles.com/ugd/dba42a_65650ed6b3a14342a957a0f041c3f36d.pdf
- https://static.usrfiles.com/ugd/b8c837_9ee590db22b0406ab72ad62683a0418b.pdf
- https://static.usrfiles.com/ugd/b8c837_0a0445fbf03441d0a8e13c78aaf8a6cc.pdf
- https://static.usrfiles.com/ugd/b8c837_fdb35831b317463ab47061c9d6790828.pdf
- https://static.usrfiles.com/ugd/b8c837_cc7a0b5618484dca89d0d83502fb0d85.pdf
- https://static.usrfiles.com/ugd/b8c837_7474e173042e48d09a9aaf84ad0c5dcb.pdf
- https://static.usrfiles.com/ugd/b8c837_1aa57594e02e441ea95b5da593fdcb4f.pdf
- https://cdn.shopify.com/s/files/1/0432/9567/0427/files/understanding_public_policy_theories_and_issues.pdf
- https://cdn.shopify.com/s/files/1/0432/2269/6098/files/blue_blue_eyes_song.pdf
- https://cdn.shopify.com/s/files/1/0432/6539/2804/files/mapopowibakekabarew.pdf
- https://cdn.shopify.com/s/files/1/0437/7496/7965/files/cognos_reporting_tool_latest_version.pdf
- https://cdn.shopify.com/s/files/1/0433/7664/0156/files/3432933269.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000667b.bincde60f38ff05edf43104e28f7ff9f99b6b77327a1294e615f627068bb6307462 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x667B | 5656 bytes |
font_01_sfnt_off0000791c.bin539bb3500bf5f5aa947c9fd834b4d996443aa3b69798e044cfae2bb29b448eec |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x791C | 11532 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.