MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of external links, a technique commonly used for SEO poisoning or to direct users to malicious websites. ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or traffic redirection intent. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://madeiradrywall.com/uploads/1/3/0/4/130483074/dinepo-satobize-rudipawax-mewuxinuko.pdf
- http://maryloulenhart.com/uploads/1/3/0/6/130621498/2412637.pdf
- http://thesteaklab.com/uploads/1/3/0/3/130379206/zixuzanoxelaru_sepoga.pdf
- http://moderndayman.org/uploads/1/3/0/6/130604129/03144c46ff441ea.pdf
- http://taxtitlehelp.com/uploads/1/3/0/6/130604838/7287048.pdf
- http://shamrockbusinesscentre.com/uploads/1/3/0/9/130969939/9278303.pdf
- http://alixxpartners.com/uploads/1/3/0/5/130590036/nirad-fogesaniwo-gubipafenobanat.pdf
- http://thecaptainslady.com/uploads/1/3/0/2/130292110/25aa51.pdf
- http://undefeatedinteractive.com/uploads/1/3/0/6/130620801/481fb.pdf
- http://jobstrainingplacement.com/uploads/1/3/0/2/130288731/8127389.pdf
- http://landingmarket.net/uploads/1/3/0/5/130538939/ce80badd9c86511.pdf
- http://motherlodemontessori.org/uploads/1/3/0/4/130476351/e880c05f1d8.pdf
- http://spacecookies.us/uploads/1/3/0/6/130604541/bavimi_nolewa.pdf
- http://principiforwoodbridge.com/uploads/1/3/0/2/130287488/9459521.pdf
- http://torranceheating.net/uploads/1/3/0/6/130620847/6d4724d207d.pdf
- http://www.mcvanv.com/uploads/1/3/0/3/130324351/0521b968cb0.pdf
- http://mail.kreativplaner.net/uploads/1/3/0/3/130379170/1437476.pdf
- http://childrensliteratureandreading.org/uploads/1/3/0/5/130538863/e365e.pdf
- http://livinghubs.com/uploads/1/3/0/2/130270990/zenelevuwasox.pdf
- http://camryncs.com/uploads/1/3/0/3/130379285/gexun-vamewuduga.pdf
- http://swingstatereal.estate/uploads/1/3/0/6/130603756/vaxovi-borokuwu.pdf
- http://raghavmehta.com/uploads/1/3/0/2/130287894/a9a3a.pdf
- http://www.corelifetherapies.com/uploads/1/3/0/9/130969838/vojugifulufamufa.pdf
- http://morganrv.com/uploads/1/3/0/6/130639557/4269dd.pdf
- http://shopbelfast.info/uploads/1/3/0/3/130323594/130323594.html#disgenesia+gonadal+wikipedia
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://fedoraproject.org/wiki/Licensing/LiberationFontLicense
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005667.bine91619dfd4c72a85464d95ef1ba4e67df13020651c42071bafbe521a61d9f7fc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5667 | 2652 bytes |
font_01_sfnt_off00006309.bincb483db10158ad71bf825e346b053277227dce80d14f3de32d25048ab3d714f7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6309 | 10408 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.