Verdict: MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a lure instructing the user to enable macros or editing, a common technique for malware droppers. It also features a large number of embedded external PDF links, with the first being http://superiorautomi.com/uploads/1/3/0/2/130287894/3732615.pdf. This indicates a phishing or SEO poisoning attack aimed at distributing further malicious content.
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Macro/content-enable lure (medium, SE_ENABLE_LURE): Document instructs the user to enable macros or editing, a common technique used by malware droppers to bypass Office macro security settings.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs extracted from the document:
- http://superiorautomi.com/uploads/1/3/0/2/130287894/3732615.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003f74.bin (7167ece391764be18b096499f339a01d68b0010d7eb1bb52f8dc72a85b1d3eb8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3F74 | 16436 bytes |
| font_01_sfnt_off00005825.bin (f18ee83792a38bd743007503f5e9a36944f0aaf77fa10efef4382246c3b77be9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5825 | 8460 bytes |