MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to host phishing content. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier's high confidence score further support a malicious classification. The document body was heavily obfuscated and truncated, preventing a more detailed analysis of its specific lure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003561.bin 0c190a3dc75c86c9efe555af52cd9c81c1538d7c714a35bc703d8f967f210140 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3561 | 8820 bytes |