MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded URLs, indicating a link farm designed to direct users to external content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing or traffic redirection intent. The heuristic 'PDF_SEO_LINK_FARM' confirms the presence of numerous external links, with 'norwoodcavies.com' being a prominent domain. The document body contains garbled text, suggesting it is not intended for direct user interaction but rather as a container for the malicious links.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL
- http://norwoodcavies.com/uploads/1/3/0/6/130621702/1454851.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004645.bin 5a31d9a4527fbd0a1bd5e2c973488772ad8e4246f1a5a83d19bbdc77e0b6af9c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4645 | 2876 bytes |
| font_01_sfnt_off00005355.bin 914d65f5cd0e424bfc5cc3aac55e7eee78db7ab57fd954d83f26281569bb81cb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5355 | 8748 bytes |