MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass of external links, masquerading as a download for 'Acrobat pro dc trial'. One of these links, https://ttraff.me/wix?keyword=acrobat+pro+dc++trial, points to a known malicious redirector. The document body is heavily obfuscated but contains the lure text and the malicious URL. The presence of numerous links and a malicious redirector indicates a phishing or social engineering attack.
Heuristics 4
- PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=acrobat+pro+dc++trial
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000749c.bin 60a0da8404760875dc639e20ffb491823417469a2fb3a7687f1dfc2d799d8d80 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x749C | 5236 bytes |
| font_01_sfnt_off00008706.bin 8ebfffe4aa92809d85559774bd5c2664b056581a4c6d29004fdaa03bdb654dc4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8706 | 5016 bytes |
| font_02_sfnt_off00009821.bin a29ab672b796ad4297c7b103b3778fc3abc6cdd7e781d7f6f5f87680ac4bce0e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9821 | 10176 bytes |
| font_03_sfnt_off0000bb39.bin b88c55219ef84bd2ff48a12f23060c6b86d25efbafe4a8493ce51f9ac91249ff | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB39 | 16488 bytes |