MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to other PDF files. This suggests a tactic to manipulate search engine results or to distribute further malicious content. While no scripts were explicitly extracted, the ML_NYX_PDF_MALICIOUS and ClamAV detections indicate a high likelihood of malicious intent, possibly involving exploitation or phishing lures.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00002500.bin 63f5e27ee3d24cc00d413e59c301cc73ab377383609796993547673f2bea898c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2500 | 2600 bytes |
| font_01_sfnt_off000030a8.bin 07b4f746b41682a810c700c6866100eedc958393b734dc979bb257906b9f1229 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x30A8 | 8104 bytes |