MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links, many of which point to other PDF files. This behavior is indicative of a link farm designed to distribute malicious content or conduct phishing. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or traffic redirection intent. The embedded URLs are the primary IOCs for this attack.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003374.bin 64e1a55b10d7ab09236e81ea2673a8e216781915d3d069a169e628b37f72a2fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3374 | 8544 bytes |