MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
This PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. The PDF contains a large number of external links, identified as a 'SEO LINK FARM', with the primary host being 'bigdataclass.com'. The document body, though partially corrupted, mentions 'Physical education class 12 pdf file' and refers to a study app, suggesting a lure to trick users into clicking the embedded links. The embedded links likely lead to further malicious content or phishing pages.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000340d.bin 51541327c0e61966aa47c05ba54f06975660078616a69fd3f5f2e4fd47c4b6c0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x340D | 16116 bytes |
| font_01_sfnt_off00004ba1.bin 0d68a9d5b558f55ac91ec7aed0c5fb7ae8608bcc0d4ccf6a4105af991c62ef67 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4BA1 | 7908 bytes |