MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links to external PDF files hosted on various domains. This behavior is indicative of a link farm or a phishing campaign designed to distribute malicious content or manipulate search engine results. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports the malicious nature of this file.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004383.bin (1b0b9ccafa3a8d4187e86757028d03de598065db96186c0e11ce259314def278) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4383 | 2684 bytes |
| font_01_sfnt_off00004c6f.bin (779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C6F | 16036 bytes |
| font_02_sfnt_off000063cb.bin (ce5211be287a229754e54e283b40f8b984414552e218c58da62dde3aeb3d93e8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63CB | 8996 bytes |