MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to numerous PDF files hosted on various domains, suggesting a link farm or distribution mechanism for malicious content. ClamAV also detected this as Pdf.Phishing.TtraffRobotInstall-7605656-0, indicating a phishing or traffic redirection intent. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://strategicmotionvideo.us/uploads/1/3/0/6/130621443/risevagubumova_fosobogupas_sasamolan.pdf
- http://pearlwonders.com/uploads/1/3/0/9/130969701/4481829.pdf
- http://keystonehealthsecrets.com/uploads/1/3/0/8/130814173/sisebuvetobe.pdf
- http://nor-co.com/uploads/1/3/0/3/130324420/fuwolax.pdf
- http://www.johanlukasse.com/uploads/1/3/1/0/131070431/jawixipozij_luzemebemimef_jimane.pdf
- http://ivyprofessionals.com/uploads/1/3/0/3/130324292/jomowogiwozadi-vozexitumafopa-sexiwilakinugol-favol.pdf
- http://divineearthmedicinals.com/uploads/1/3/0/6/130620515/tipedadogin_bezod_dikosilara_lunip.pdf
- http://blacktentcreative.com/uploads/1/3/0/5/130539021/8577168a24b445f.pdf
- http://www.addictiveness-dr.com/uploads/1/3/0/4/130435763/zupirote.pdf
- http://quitatlast.com/uploads/1/3/0/7/130776755/bowekodoka_gazobetulugopas.pdf
- http://www.globalsealingproducts.com/uploads/1/3/0/3/130379061/24ec039abfcc.pdf
- http://brawnandbroccoli.com/uploads/1/3/0/4/130488811/a0af3ac5d8dc2.pdf
- http://beautybeattt.com/uploads/1/3/0/6/130620173/1096830.pdf
- http://tonicoindio.com/uploads/1/3/0/2/130270742/kogezetofasir_dafowaperoxiba.pdf
- http://blindsquirrelcreativedesign.com/uploads/1/3/0/7/130776070/8615514.pdf
- http://swingstatereal.estate/uploads/1/3/0/6/130604269/dac017ae77.pdf
- http://killerkilburn.com/uploads/1/3/0/5/130543761/pufarejozixu-gesukonitex.pdf
- http://vliegendestoel.nl/uploads/1/3/0/7/130738803/54ce1df74.pdf
- http://thelettuceman.co.nz/uploads/1/3/0/7/130739664/mebulorinatup.pdf
- http://www.plwdesigns.com/uploads/1/3/0/2/130274151/6267b936.pdf
- http://www.mifamilialawncare.com/uploads/1/3/0/5/130589346/e2d68.pdf
- http://grauwald.org/uploads/1/3/0/5/130589033/7499000.pdf
- http://hotel-art.net/uploads/1/3/0/4/130489343/1267976.pdf
- http://seedsfineartexhibits.org/uploads/1/3/0/7/130775922/kebopiwilofex.pdf
- http://www.oasisgaminginc.com/uploads/1/3/0/5/130541131/fitebaso-bejuz-kewipo-nusuk.pdf
- http://nailpolishs.com/uploads/1/3/0/5/130590482/130590482.html#allergic+contact+dermatitis+due+to+plants+except+food
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000404b.binb32d5d7dab5c7fbcc5b9b82343b69861c3fd7ecd8c6b90ed2de853bfd62ff6d0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x404B | 8472 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.