MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded external links to other PDF files hosted on various domains, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or distribute malicious content. The ML classifier and ClamAV detection further confirm the malicious nature of the file, with ClamAV identifying it as Pdf.Phishing.TtraffRobotInstall-7605656-0.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000030e8.bin ce1ba838c2d0f90dd1bfba1230cfc5949966c02719205e098123f06f335cd1c1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x30E8 | 7752 bytes |