MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious by ClamAV with the signature Pdf.Phishing.TtraffRobotInstall-7605656-0. Static analysis revealed a PDF_SEO_LINK_FARM heuristic, indicating the presence of numerous external links. These links likely serve as a lure to redirect users to phishing sites or download further malicious content. No scripts were extracted from this sample.
Heuristics 3
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003ffc.bin 9ebc6399cdf9b1443e942827cad93593fd3a84f3f22bb71b63cc74e58c61d21b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3FFC | 16088 bytes |
| font_01_sfnt_off000054cc.bin 61064e2cfe1dd97413521b80cdddc51e629370c2ce656d2ca2fc9c7e1155f2e7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x54CC | 3988 bytes |
| font_02_sfnt_off00006585.bin bddc61a5cfe7f9eda446c4c775b2742f14ed88e99e9d19b1be600b5aba1c5ef0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6585 | 10392 bytes |