Verdict: MALICIOUS
Risk Score: 160

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various domains. The SE_ADVANCE_FEE_SCAM_LURE heuristic indicates that the document's content is designed to trick users into believing they are entitled to a prize or funds, requiring them to take further action, such as clicking on the provided links. The CLAMAV_DETECTION heuristic confirms this file is recognized as malicious. The embedded links are the primary IOCs, likely leading to phishing or scam pages.
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE): Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000181f.bin (hash: 2514326e0001797a87fcc7362fdfc7cd94a4b705f46ad61ab95703aac00d28c8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x181F | 8764 bytes |