MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.cc/wix?keyword=piano+chords+chart+notes'. Additionally, it exhibits a PDF link farm heuristic, indicating a large number of external links, with 'https://static.usrfiles.com/ugd/b50c55_afb71a3275e2406aa0e651e729572463.pdf' being the first listed. The presence of a 'Download Button' heuristic further suggests a lure to encourage user interaction with these links. The document body, though partially corrupted, contains the malicious URL.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=piano+chords+chart+notes
- https://static.usrfiles.com/ugd/b50c55_afb71a3275e2406aa0e651e729572463.pdf
- https://static.usrfiles.com/ugd/b8c837_dbf61614925c45b59beeea5a0c209236.pdf
- https://static.usrfiles.com/ugd/60933b_f434f56c682041399495c7a0d06f54fb.pdf
- https://static.usrfiles.com/ugd/b8c837_db43475c013b4a038cbe994afa5ee37f.pdf
- https://static.usrfiles.com/ugd/b8c837_ca90cdc4ee4248cb9a02fae74eff77a1.pdf
- https://static.usrfiles.com/ugd/2813e2_4a3d53dac7664c88b2b090180e9e58cf.pdf
- https://static.usrfiles.com/ugd/5899d5_9a20d0b5f3ae41498a2c89f58d851d2b.pdf
- https://static.usrfiles.com/ugd/d7ba0f_f3d49b990e9e4bf086f86755d258c64c.pdf
- https://static.usrfiles.com/ugd/b8c837_3279adcd308141108f647b98d0b30610.pdf
- https://static.usrfiles.com/ugd/696b8a_716677ced8d04d83a18e9fa8fea9c63f.pdf
- https://static.usrfiles.com/ugd/b85eb0_5352d5071bb0442abf91980c8bac0b4e.pdf
- https://cdn.shopify.com/s/files/1/0428/9105/1161/files/24248109623.pdf
- https://cdn.shopify.com/s/files/1/0447/9765/7248/files/75969939910.pdf
- https://cdn.shopify.com/s/files/1/0437/2096/6298/files/rovenarojug.pdf
- https://cdn.shopify.com/s/files/1/0440/6693/0840/files/blackberry_10_os_games_free.pdf
- https://cdn.shopify.com/s/files/1/0433/7198/7098/files/jandy_valve_actuator.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cc6.bin94bfbcca32cc93c47eb3dc2637084c277c02f5c156c271d80e23f86cc9173134 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CC6 | 4996 bytes |
font_01_sfnt_off00007da8.binbdfce4a5e8e1e9fca78147d450a77356986e534c119a913e0a7e245bdfe8b636 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DA8 | 11644 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.