Verdict: MALICIOUS
Risk Score: 120

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell

The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/wix?keyword=jurassic+park+video+worksheet+key'. The document body, though heavily obfuscated, appears to contain references to this lure. The file also exhibits characteristics of a link farm, with numerous external PDF links, suggesting a broader distribution or redirection strategy. The primary attack vector is the malicious link embedded within the document.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.club/wix?keyword=jurassic+park+video+worksheet+key
- https://cdn.shopify.com/s/files/1/0437/6671/0433/files/japanese_landscape_architecture.pdf
- https://cdn.shopify.com/s/files/1/0431/6073/1808/files/finisod.pdf
- https://cdn.shopify.com/s/files/1/0430/3755/6889/files/74723201593.pdf
- https://51724169-57c8-4f7a-a586-26a927796aa7.filesusr.com/ugd/b80405_35e19148e4ed4e7ca22f4a7e5e679dcf.pdf?index=true
- https://987c7494-bab3-4237-be41-c2bdd2ea1418.filesusr.com/ugd/05301a_b1445bfdbcae47c68d2ed9862df52f0e.pdf?index=true
- https://c6c7d112-b28b-457e-8d99-74803d3c7303.filesusr.com/ugd/1c44ce_81ce6cae5d9a48918ae7bb8ff194d602.pdf?index=true
- https://c94c9e99-33b0-4cfd-84f0-7f901e17dd07.filesusr.com/ugd/191a6d_cd94d0eac741409eb486e3b8756b14bb.pdf?index=true
- https://318218c0-8b6b-4e16-adf4-e7fe66e055a8.filesusr.com/ugd/dbbfd0_cbe3de5e84b14075a7cda1c7e27c5a9c.pdf?index=true
- https://712d21af-8466-457e-ba99-0208ae8f7b23.filesusr.com/ugd/10b11f_42946e0a18bf46cfa9a86bad8c9448a6.pdf?index=true
- https://44032c82-0a6b-4b44-91de-bf640edad03d.filesusr.com/ugd/81d6a4_ccaa5f48edcc480297f08b0d74bfa12c.pdf?index=true
- https://8d748319-24f5-4fb6-bcf6-af40b025685a.filesusr.com/ugd/ba2c19_01cbf4236a874462883512f49dd222e6.pdf?index=true
- https://60a88462-2f55-49fd-a588-19283c36b891.filesusr.com/ugd/1ebe14_742a0d88d3dd48ee8513ffb4dd77755a.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000047a2.bin | 7a839b26b8d2894374c85b41117697f13fdd4ce95d5d626c3872d512f41d8052 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x47A2 | 5212 bytes |
| font_01_sfnt_off00005989.bin | 926ba1da79bb9ee730ee9e5e241a02acc91ea9a1d7a46cdc40407aefbb431a21 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5989 | 13300 bytes |
| font_02_sfnt_off000082f6.bin | 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x82F6 | 4324 bytes |