MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a heuristic firing for a malicious redirector link pointing to 'ttraff.com', which is also present in the document body. The document also exhibits characteristics of a callback phishing lure, suggesting a social engineering attempt. The presence of a large number of embedded links, many pointing to 'static.usrfiles.com', indicates a link farm strategy, likely to obscure the malicious redirector.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=new+jersey+driver+license+test+manual
- https://static.usrfiles.com/ugd/565485_326ae067b02140e6a9e46247becd1f39.pdf
- https://static.usrfiles.com/ugd/b8c837_115748a129394b8687d7017c60d30874.pdf
- https://static.usrfiles.com/ugd/704566_ac585c3c39c145858fc445504f13ffb3.pdf
- https://static.usrfiles.com/ugd/b8c837_3cba043c14bd4ee79519e9e6063bc1b0.pdf
- https://static.usrfiles.com/ugd/ea78e0_148f5bc6c8ee45eb8ab75ec6754a841a.pdf
- https://static.usrfiles.com/ugd/b8c837_d3b4206bbce545d3b2943c8005c1a762.pdf
- https://static.usrfiles.com/ugd/b8c837_92636154c2234b04bc6406555cb7d128.pdf
- https://static.usrfiles.com/ugd/b8c837_c3f3980ecb40432683dddd56453d5a04.pdf
- https://static.usrfiles.com/ugd/097bd5_e3b16e12cf2743dda63ba95a9708fbd0.pdf
- https://static.usrfiles.com/ugd/b8c837_a5df11c53f3d4faba3d9b4c8ef134d20.pdf
- https://static.usrfiles.com/ugd/b8c837_b4bb41c7ee6b4b35a794a79d73f2bfab.pdf
- https://static.usrfiles.com/ugd/b8c837_8760f83c6d9e438c8930dca21a1b05d6.pdf
- https://static.usrfiles.com/ugd/bf650e_f00c311fdd924745ac37f1b76522aa44.pdf
- https://static.usrfiles.com/ugd/e3c460_d746df31f9e34928803d90ec0ff63754.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006c7f.binfd0b6a2f8fd4ba6b5b3958fa651d175f9f663d1e483bac8c8ef58aad8d421c5a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C7F | 5384 bytes |
font_01_sfnt_off00007ed5.binc0eac430e804403567a24d033d76eac10e8760487ba85158fae5e4020bf9844c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7ED5 | 10248 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.