MALICIOUS
Risk Score: 130
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. The document body also contains urgency language, suggesting a phishing or social engineering attempt. The ClamAV detection as Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports a malicious classification. The primary attack pattern involves directing the user to external URLs, likely for credential harvesting or malware distribution.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000012c4.bin b417bafd153600c8fec990de9ec68f2f89b4cab8c99495739866c46e4cf66ca7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12C4 | 8376 bytes |