Malware Insights
The PDF file contains a mass external link farm, with 25 links pointing to other PDF files, indicating a SEO poisoning or redirection attempt. The document body text, though partially corrupted, suggests a lure related to job referrals, aligning with the 'SE_INVOICE_LURE' heuristic. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further confirms its malicious nature, likely involving traffic redirection or phishing. The primary attack pattern involves luring users to external, potentially malicious, content via a link farm.
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Fake invoice / payment lure (low, SE_INVOICE_LURE): Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00004718.bin | 779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4718 | 16036 bytes |
| font_01_sfnt_off00005e74.bin | 568463cb982d7fc2ad13848dcbcd99923b1d8abb4b79f479014631cefb547fa1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E74 | 8504 bytes |