MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various domains. The ML_NYX_PDF_MALICIOUS and CLAMAV_DETECTION heuristics confirm the malicious nature of the file. The embedded URLs suggest a link farm designed to redirect users, likely to phishing sites or to download further malicious content. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000038dc.bin e2f1373bf3d70a40ff4276a486f0a1d2d32154e4f45ad1243a44c3d3b7d91cea | pdf-font-stream | PDF embedded font (sfnt) at offset 0x38DC | 2652 bytes |
| font_01_sfnt_off00004503.bin 2277c07df483ac08e5520054bb54ad9b579d1aab3eb772c6a367659b95f6cadb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4503 | 8712 bytes |