MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=best+reptile+and+amphibian+field+guide'. This indicates an attempt to lure the user to a potentially harmful site. The document body, though heavily obfuscated, also contains this URL, reinforcing the malicious intent. The presence of numerous other PDF links suggests a link farm or SEO poisoning tactic to distribute the malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs
- https://ttraff.club/wix?keyword=best+reptile+and+amphibian+field+guide
- http://bolij.rosariumsouthafrica.com/uploads/1/3/2/6/132695887/xupop.pdf
- http://vutedo.belleaurum.com/uploads/1/3/2/8/132814930/sawosimafafo.pdf
- https://3a4a7bca-9114-4797-a518-a890cde919f1.filesusr.com/ugd/594ae5_e73142f4a7f143f5977b4168d8aaa789.pdf?index=true
- https://29296484-a485-45a8-8e41-e55ed1761cdc.filesusr.com/ugd/3f80ec_699c250fe22643af85f83f4ee0932eab.pdf?index=true
- https://fec15ea4-fa4b-4624-bc4a-98aa367d6ff3.filesusr.com/ugd/86319b_858356a442744076a107fd9cd1f44b5f.pdf?index=true
- https://cdn.shopify.com/s/files/1/0432/6676/9054/files/juwasewibigisag.pdf
- https://cdn.shopify.com/s/files/1/0433/6055/1070/files/jotelo.pdf
- https://cdn.shopify.com/s/files/1/0460/1620/0863/files/30168260734.pdf
- https://cdn.shopify.com/s/files/1/0437/3646/5559/files/movies_online_from_any_website.pdf
- https://cdn.shopify.com/s/files/1/0431/1384/0794/files/pemogebagazelamufisipufet.pdf
- https://7afb284c-808d-4b1a-acd5-a39d06a6ec9e.filesusr.com/ugd/e948c1_4797f563606e40d78d2c9f07e925268e.pdf?index=true
- https://6133760c-5bbb-4e5d-8bec-5945d96f681c.filesusr.com/ugd/41a0b6_70e89927203049fb8779aabc86b5e229.pdf?index=true
- https://97eefccd-6c7c-4120-b91d-409801bc1cb0.filesusr.com/ugd/595093_c015e2195fbf479e99364df8a2283f2f.pdf?index=true
- https://25dedf25-0133-45ab-b18e-1f37b8a9e232.filesusr.com/ugd/cbe7f7_34b709f1b4b34d72bdcfaa154fac7834.pdf?index=true
- https://f8d69607-09d0-4b39-8a28-7b1bd2c519de.filesusr.com/ugd/0cd019_f8e71ad2de244be1a8012f202304b7d2.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006a24.bin | 0eac1552a6a0cc8d6d43e14f5c157d052ff2bf21460314f67a2c213e0a454e63 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A24 | 6744 bytes |
| font_01_sfnt_off00007b0b.bin | 4e4f47e209ce71c31c61504821948604c9c00bbbef9f5ca18ea6a57455b4e07e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B0B | 5644 bytes |
| font_02_sfnt_off00008e0c.bin | 280e2b2f4006816e68aec0be6dd1c0e7f263be788a84cc4ebf876739b6124c8d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E0C | 10424 bytes |