MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ClamAV detection and ML classifier strongly indicate malicious intent. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies the mass external link farm, with the dominant host being practicalstartupbook.net. The embedded URLs are likely part of a phishing or content distribution scheme.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://practicalstartupbook.net/uploads/1/3/0/7/130775001/5163047.pdf
- http://designinhours.com/uploads/1/3/0/7/130775191/fomevipokusa.pdf
- http://gmgranada.com/uploads/1/3/0/6/130621342/661780.pdf
- http://acot.website/uploads/1/3/0/6/130620574/78d0ed5405.pdf
- http://alswoodworkingtools.com/uploads/1/3/0/7/130775643/3312143.pdf
- http://www.carouselmusictheatre.org/uploads/1/3/0/2/130272232/1eda89bc3.pdf
- http://cpanel.elleextensioncils.com/uploads/1/3/0/8/130874435/996850.pdf
- http://ndmbfc.com/uploads/1/3/0/2/130291908/nukajiwag_lafejevevovu_logolomopo.pdf
- http://livelushly.com/uploads/1/3/0/5/130588159/famemusov.pdf
- http://mjbjacobs.com/uploads/1/3/0/6/130640006/ab8a38b8.pdf
- http://epicure-events-and-design.com/uploads/1/3/0/6/130603740/9116f57402.pdf
- http://bubbleandmimiltd.com/uploads/1/3/0/2/130270872/7203071.pdf
- http://www.aaroncharlesg.com/uploads/1/3/0/8/130874043/xotezipalo-velogafek.pdf
- http://myshecollectiononline.com/uploads/1/3/0/4/130476004/xevubaze_jomelu_zisoxapexu_zowezekodido.pdf
- http://hispanicaccessfoundation.com/uploads/1/3/0/3/130323412/5c7a8f1a359.pdf
- http://go.lsbrpc.net/uploads/1/3/0/6/130604046/kulibatugo.pdf
- http://ungranitodearena.net/uploads/1/3/0/3/130313746/0c7bc286a33e.pdf
- http://hollyellisonmiller.com/uploads/1/3/0/2/130289530/4968082.pdf
- http://lacrossewheel.com/uploads/1/3/0/3/130379581/nijuzonomaguz.pdf
- http://magicaladventurestravelbystacy.com/uploads/1/3/0/4/130483728/3499606.pdf
- http://mail.yogaaah.com/uploads/1/3/0/4/130475990/10f6cc1f.pdf
- http://nolimitationsyouthservices.org/uploads/1/3/0/6/130604222/dafodeka_tunugerovetevun_dubarogo_jatapixib.pdf
- http://spotfuse.net/uploads/1/3/0/4/130436154/f30465.pdf
- http://kishwaleather.com/uploads/1/3/0/2/130288394/200906.pdf
- http://www.claytongatemassagetherapy.ca/uploads/1/3/0/4/130488198/130488198.html#u+adjectives+to+describe+a+person+positive
- http://myshecollectiononline.com/uploads/1/3/0/4/13047
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003457.binc6bf73727bc4da73f75c9805c50f33dbb0d86e53339e9534c1107410cbff1eba |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3457 | 7932 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.