MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded URLs pointing to SEO-optimized PDF hosting sites. This behavior is indicative of a link farm designed to drive traffic or distribute malicious content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or traffic-driving intent. No scripts were extracted, and the document body contained mostly garbled text and a reference to an alkaline phosphatase assay, which appears to be a lure.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004ebb.bin 6ce32c7926c6f21db5640dc1790b79ec78d1dba01d796f7b775dba7caf5b1ad9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4EBB | 16076 bytes |
| font_01_sfnt_off00006322.bin e41d1c246cdb8f80f48c3f73d059165194f466d32cf7be54531c4ea8ec7752fa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6322 | 2716 bytes |
| font_02_sfnt_off00006f4b.bin dc3953792c9d31b89b7c44d45f9c4ad670eb976e79e4fafcb113748cb728b596 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F4B | 8004 bytes |