MALICIOUS
192
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a large number of external links, many of which are structured as 'slugs' and point to other PDF files, indicating a link farm designed for SEO manipulation. The document body, though partially corrupted, contains language suggestive of advance-fee scams, such as references to 'comparative advantage' and 'liberalization of international trade' in a context that appears to be a lure. The presence of numerous unknown-reputation URLs further supports the malicious intent, likely to redirect users to phishing or scam pages.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://drlyons.net/uploads/1/3/0/6/130621634/sedew-memamezojaduru-firovituxilixu-votelegeselitub.pdf
- http://internetsmoney.net/uploads/1/3/0/6/130639476/vafavudinok.pdf
- http://alicemcoleman.com/uploads/1/3/0/2/130289736/ade4f.pdf
- http://mobilemultitasking.com/uploads/1/3/0/6/130603978/wenimiti-jenalasipoz-veduw.pdf
- http://cleansweepmusic.com/uploads/1/3/0/6/130620986/a0eea3aca.pdf
- http://singaporehiking.org/uploads/1/3/0/7/130776511/lajizadewudunelaga.pdf
- http://1988ltb.com/uploads/1/3/0/6/130604782/1428273.pdf
- http://glutenfreefoodie.blog/uploads/1/3/0/3/130313224/bojop-dokitigemiwali-dududiba.pdf
- http://myawaribox.com/uploads/1/3/0/5/130588505/4038873.pdf
- http://dmgatl.com/uploads/1/3/0/6/130605069/6a21ecccb7db364.pdf
- http://yardgamesets.com/uploads/1/3/0/6/130604465/dinafig_vigepap.pdf
- http://tintanegrahtx.com/uploads/1/3/0/4/130488101/domogiremenetop.pdf
- http://calaismack.com/uploads/1/3/0/2/130288333/digiwovodom.pdf
- http://nissanpatrolparts.com/uploads/1/3/0/6/130604498/4247409.pdf
- http://joe-otoole-photography.com/uploads/1/3/0/5/130588290/zekufujofit.pdf
- http://doortoinc.com/uploads/1/3/0/6/130639368/540145.pdf
- http://sonoranshadows.com/uploads/1/3/0/6/130604988/4961fd47cc8.pdf
- http://ahotel.life/uploads/1/3/0/8/130813869/9621921.pdf
- http://digoryswardrobe.net/uploads/1/3/0/4/130436085/zaxafijew_gaxelala_narinuj.pdf
- http://njadvancedeyecare.com/uploads/1/3/0/4/130483879/xewokujevatojexuve.pdf
- http://aqzsystems.us/uploads/1/3/0/4/130483389/6751379.pdf
- http://evangelizingyourself.com/uploads/1/3/0/6/130621212/vefaduvalaw-jidunoni-rizenoxinatukog.pdf
- http://tutorvirginia.com/uploads/1/3/0/6/130604808/dca2f.pdf
- http://cdiacademy.gammaxiques.org/uploads/1/3/0/7/130740190/130740190.html#under+the+theory+of+comparative+advantage+liberalization+of+international+trade+will
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000041a6.bin2cb8dae3c9700baf2c4863f27325f742c437367c8a4942219f31a4d9b35466ef |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x41A6 | 7948 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.