Verdict: MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Link (the ATT&CK name for this ID; T1566.001 is Spearphishing Attachment. The PDF itself arrives as an attachment but acts by steering the reader to the external links it carries, so either sub-technique is defensible, but ID and name must agree.)
T1059.001 PowerShell (not supported by the evidence in this report: no scripts of any kind were extracted from the sample, so treat this mapping as a family-level assumption rather than an observed behaviour.)
The PDF carries 22 external links, all but one pointing at further .pdf files. Although the PDF_SEO_LINK_FARM heuristic describes links clustered on one host, in this sample every link sits on a different domain; what they share is an identical /uploads/1/3/0/<n>/130xxxxxx/ path layout and generated filenames (random pseudo-words such as kavutavute.pdf, or hex strings such as 3f393.pdf), which is what you would expect when generated pages are dropped into the upload directories of many sites on the same hosting platform, not a genuine citation pattern. One link ends in a search-keyword fragment (#group+personal+accident+insurance+policy+sbi+form+download), consistent with SEO-poisoning content. The SE_PAYMENT_REDIRECT_LURE heuristic is a text-pattern match on the document body: it fired on wording about new or changed bank, wire or routing instructions, a classic business email compromise lure, and should be read as a keyword hit rather than proof that the sample targets a particular payment workflow. ClamAV independently classifies the file under a Pdf.Phishing signature (Pdf.Phishing.TtraffRobotInstall-7605656-0), consistent with the link-farm carrier behaviour. No scripts (JavaScript, PowerShell or otherwise) were extracted, so the only capability observed in this sample is steering the reader to the listed URLs.
Heuristics (4)
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Payment redirection / bank-detail change lure (high, SE_PAYMENT_REDIRECT_LURE). Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions, a high-value business-email-compromise pattern.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All 22 URLs below were found in PDF document text:
  - http://www.k9legaldefense.org/uploads/1/3/0/5/130590594/1450268.pdf
  - http://server65173.misscarols.com/uploads/1/3/0/4/130478203/kavutavute.pdf
  - http://pooltexrepair.net/uploads/1/3/0/6/130640144/wikise-fobikevov-wunison-nipiribu.pdf
  - http://bubblebagsaustralia.com/uploads/1/3/0/2/130291713/vuxajo.pdf
  - http://mta-sts.mx.whatthefolkart.com/uploads/1/3/0/2/130271048/c1df61f.pdf
  - http://gabrielledrouin.com/uploads/1/3/0/8/130814784/xozugawetopu.pdf
  - http://mymagnificentmess.com/uploads/1/3/0/2/130271195/a54161.pdf
  - http://nono-go.com/uploads/1/3/0/2/130291676/e6c7e78241bf12b.pdf
  - http://www.phoenixvisiontech.ca/uploads/1/3/0/6/130639777/73d8f6de76.pdf
  - http://wadsworthpersonalinjury.com/uploads/1/3/0/4/130436171/xilenidenajuvej.pdf
  - http://mysterclothingbrand.com/uploads/1/3/0/5/130589252/7876660.pdf
  - http://admin.hmunc.org/uploads/1/3/0/5/130543279/javarejezifika_dutavigetofose.pdf
  - http://starvalleygeology.com/uploads/1/3/0/5/130589132/wemezisu.pdf
  - http://phillydish.net/uploads/1/3/0/8/130874258/rajuva.pdf
  - http://casachurba.com/uploads/1/3/0/3/130379431/002be1.pdf
  - http://pixelmatic.net/uploads/1/3/0/5/130539074/46b9f15360b4b8e.pdf
  - http://801fig.com/uploads/1/3/0/4/130476013/314637.pdf
  - http://theego.org/uploads/1/3/0/6/130604014/3f393.pdf
  - http://davesbiblestudy.net/uploads/1/3/0/6/130621284/2945347.pdf
  - http://amorcocoa.com/uploads/1/3/0/6/130639768/4879445.pdf
  - http://indiegearhead.net/uploads/1/3/0/7/130776264/45c160603e73c.pdf
  - http://grillou.fr/uploads/1/3/0/4/130476506/130476506.html#group+personal+accident+insurance+policy+sbi+form+download
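The two document-level heuristics above (PDF_SEO_LINK_FARM and SE_PAYMENT_REDIRECT_LURE) and the per-URL channel labels can be reproduced offline with a short triage script. The following is an added example, not the analyzer's own code: it inflates FlateDecode content streams and pulls URLs out of them (the "PDF document text" channel), reads /URI link annotations from object dictionaries (the "link annotation" channel), then scores the URL set for link-farm structure and greps the decoded text for bank-detail-change wording. It generalises the report's case in one way: besides the "many links on one host" criterion the heuristic description gives, it also flags the pattern seen in this sample, many hosts sharing one generated /uploads/d/d/d/d/<id>/ path layout. The host names under .example, the lure regex (my reading of the heuristic's description), the threshold of 10 links, and the minimal hand-built PDF are all assumptions of the example.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_ANNOT_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Path layout shared by every link in the report: /uploads/d/d/d/d/<id>/<file>
UPLOAD_PATH_RE = re.compile(r"^/uploads/\d/\d/\d/\d/\d{6,}/")
# Assumed wording behind the SE_PAYMENT_REDIRECT_LURE description (not the analyzer's rule).
LURE_RE = re.compile(
    r"\b(?:new|changed|updated)\s+(?:bank|wire|ach|iban|swift|routing)\b"
    r"|\b(?:wire|ach)\s+instructions\b|\brouting\s+number\b|\biban\b|\bswift\s+code\b",
    re.I,
)


def extract_urls(pdf: bytes):
    """Return ({url: {channel, ...}}, decoded_stream_text) for raw PDF bytes."""
    found, chunks = {}, []
    for m in STREAM_RE.finditer(pdf):
        body = m.group(1)
        try:
            data = zlib.decompress(body)  # /FlateDecode content stream
        except zlib.error:
            data = body                   # stream stored uncompressed
        chunks.append(data)
        for u in URL_RE.findall(data):
            found.setdefault(u.decode("latin-1"), set()).add("pdf-text")
    for m in URI_ANNOT_RE.finditer(pdf):  # clickable /Link annotations live in object dicts
        found.setdefault(m.group(1).decode("latin-1"), set()).add("link-annotation")
    return found, b"\n".join(chunks)


def link_farm_score(urls, min_links=10):
    """Many outbound .pdf links, clustered on one host OR spread over hosts sharing one path layout."""
    if not urls:
        return {"links": 0, "link_farm": False}
    hosts = Counter(urlsplit(u).hostname for u in urls)
    pdf_links = sum(1 for u in urls if urlsplit(u).path.lower().endswith(".pdf"))
    same_layout = sum(1 for u in urls if UPLOAD_PATH_RE.match(urlsplit(u).path))
    top_share = max(hosts.values()) / len(urls)
    return {
        "links": len(urls),
        "pdf_links": pdf_links,
        "distinct_hosts": len(hosts),
        "top_host_share": top_share,
        "shared_path_layout": same_layout,
        "link_farm": pdf_links >= min_links and (top_share >= 0.5 or same_layout >= min_links),
    }


def payment_lure_hits(text: bytes):
    """Keyword hits for the bank-detail-change lure; a text match, not proof of intent."""
    return [m.lower() for m in LURE_RE.findall(text.decode("latin-1"))]


def triage(pdf: bytes):
    urls, text = extract_urls(pdf)
    return {"urls": urls, "link_farm": link_farm_score(urls), "lure_hits": payment_lure_hits(text)}


# Constructed sample input: hypothetical hosts under .example, not the real URLs above.
SAMPLE_URLS = [f"http://site{i:02d}.example/uploads/1/3/0/{i % 10}/1304{i:06d}/doc{i}.pdf" for i in range(12)]
SAMPLE_TEXT = "Please note our new bank details and updated wire instructions for all payments"
ANNOT_URL = "http://landing.example/lure.pdf"


def build_sample_pdf(urls=SAMPLE_URLS, body=SAMPLE_TEXT):
    """Minimal one-page PDF (no xref table, so not for viewers): the lure text and the
    URLs sit in a FlateDecode content stream, plus one /URI link annotation."""
    content = b"BT /F1 10 Tf 50 700 Td (" + body.encode() + b") Tj ET\n"
    for u in urls:
        content += b"BT /F1 8 Tf 50 600 Td (" + u.encode() + b") Tj ET\n"
    packed = zlib.compress(content)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (" + ANNOT_URL.encode() + b") >> >>",
    ]
    out = b"%PDF-1.4\n"
    for n, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % n + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
```

Running `triage(build_sample_pdf())` yields 13 URLs (12 from text, one from the annotation) on 13 distinct hosts, so the one-host criterion alone would not fire; the shared-path-layout count of 12 is what trips `link_farm`, which is exactly the shape of the 22 links listed in this report. Point `triage()` at `open(path, "rb").read()` for a real sample; object streams and text drawn through custom encodings will need a proper PDF parser, which is why a regex pass is a first-pass triage, not a replacement for the analyzer.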
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00002d2f.bin | 8cfcfda2de135009cb7f7680f89e7a86a38d6fb24d0afa35d657b9e3a072a2b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D2F | 16336 bytes |
| font_01_sfnt_off00004572.bin | 044452fb1575c7e54b6467b6e0f46ead90ce0ca6dd3bdd8bddb4a015ab326d95 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4572 | 7780 bytes |
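Embedded fonts are worth carving even from a phishing PDF, because a font stream is a common place to hide a parser exploit and because the hashes let you match artifacts across samples. The following added example (not the analyzer's own carver) reproduces the fields of the table above: it walks every stream in the file, inflates it if FlateDecode-compressed, and records any stream whose decoded bytes begin with an sfnt magic number along with its file offset, decoded size and SHA-256. The magic list, the `font_NN_sfnt_offXXXXXXXX.bin` naming and the hand-built PDF with a fake (non-renderable) TrueType header are assumptions of the example.

```python
import hashlib
import re
import zlib

# sfnt version tags: TrueType, CFF-based OpenType, Apple TrueType, TrueType collection
SFNT_MAGIC = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def carve_sfnt_fonts(pdf: bytes):
    """One record per embedded sfnt font stream: offset of the stream body in the
    file, decoded size and SHA-256 (the fields the artifacts table reports)."""
    records = []
    for m in STREAM_RE.finditer(pdf):
        body = m.group(1)
        try:
            data = zlib.decompress(body)  # /FlateDecode is the usual case for /FontFile2
        except zlib.error:
            data = body                   # stored uncompressed
        if data[:4] in SFNT_MAGIC:
            records.append({
                "filename": "font_%02d_sfnt_off%08x.bin" % (len(records), m.start(1)),
                "offset": m.start(1),
                "size": len(data),
                "sha256": sha256_hex(data),
                "compressed": data is not body,
            })
    return records


# Constructed sample: sfnt version 0x00010000 with a zeroed table directory and
# padding. It is not a usable font, only enough for the magic check to fire.
FAKE_FONT = b"\x00\x01\x00\x00" + b"\x00\x00" * 4 + b"\x00" * 100
NON_FONT = b"BT (hello) Tj ET"


def build_sample_pdf():
    """Two-stream PDF fragment (no xref table): a plain content stream and a
    FlateDecode-compressed font stream, as a /FontFile2 would be stored."""
    packed = zlib.compress(FAKE_FONT)
    objs = [
        b"<< /Length %d >>\nstream\n" % len(NON_FONT) + NON_FONT + b"\nendstream",
        b"<< /Length %d /Filter /FlateDecode /Length1 %d >>\nstream\n" % (len(packed), len(FAKE_FONT))
        + packed + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for n, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % n + obj + b"\nendobj\n"
    return out + b"%%EOF\n"
```

Run it against a real sample with `carve_sfnt_fonts(open(path, "rb").read())` and compare the `sha256` values with the table; a font that is present on disk but not in the table (or vice versa) means the two tools disagree about stream boundaries, which is itself worth a look. Fonts wrapped in other filters (ASCIIHex, LZW) or inside object streams are not handled by this regex pass.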