MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'ttraff.com'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded links, many hosted on 'static.usrfiles.com' and 'cdn.shopify.com'. The presence of a visual download button lure further supports a malicious intent to trick the user into clicking the malicious redirector. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=zip+gta+5+ppsspp
- https://cdn.shopify.com/s/files/1/0429/8565/2375/files/7565596624.pdf
- https://cdn.shopify.com/s/files/1/0429/7061/1861/files/64460628443.pdf
- https://cdn.shopify.com/s/files/1/0432/6467/1909/files/guromojisupaboguwawe.pdf
- https://cdn.shopify.com/s/files/1/0431/7301/9808/files/najipafolagenidizez.pdf
- https://cdn.shopify.com/s/files/1/0429/1585/6550/files/16735327276.pdf
- https://static.usrfiles.com/ugd/b8c837_165ba7408e5c438182cb6fd99e60f9c1.pdf
- https://static.usrfiles.com/ugd/b8c837_df1a1c20865c4c6e9d4104b2398e5560.pdf
- https://static.usrfiles.com/ugd/b8c837_b9a42f47445e48849989b37a702e4ada.pdf
- https://static.usrfiles.com/ugd/67e251_7ad37a691e98401883136a2cd7357c5d.pdf
- https://static.usrfiles.com/ugd/b8c837_460d0313e2ff4da7bcfcd08254136c0b.pdf
- https://static.usrfiles.com/ugd/b8c837_04c8d2ed750348cc964112c5802ceda1.pdf
- https://static.usrfiles.com/ugd/b8c837_649517d3e2b14ba1816d4229783b3e13.pdf
- https://static.usrfiles.com/ugd/b8c837_b5c3234a0c6d4ca9ad8487bff3f9df42.pdf
- https://static.usrfiles.com/ugd/b8c837_1c9dc17f58ea457fae53f3754bd9556e.pdf
- https://static.usrfiles.com/ugd/b8c837_4599b1e1f34d4d9885625c493d52c647.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000063d2.bin6c992932cf9272c112dca0b45172a9b6e9408ac608b30e7fb4a794d28e6355b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x63D2 | 4940 bytes |
font_01_sfnt_off000074b8.bin4848240232a47107238aebd87bf5a51d755e801f30fe851afa33c0fa11721650 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74B8 | 2572 bytes |
font_02_sfnt_off00008000.bine36f70c35237730657bc4ef4a333b42a08678cc0ad634739b0c4f5a504390178 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8000 | 10440 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.