MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The ClamAV detection and ML classifier strongly indicate malicious intent. The PDF contains embedded URIs pointing to other PDF files, suggesting a phishing or malware distribution scheme. The document body, though heavily obfuscated, contains references to URLs that are likely part of the lure. The presence of external URIs points to a spearphishing attachment attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://lakeridgedentalclinic.com/uploads/1/3/0/5/130543156/wutaraxonewabesew.pdf
- http://amusementmgtshirts.com/uploads/1/3/0/5/130551418/773851350cd6728.pdf
- http://bodyworkbybarb.com/uploads/1/3/0/4/130476917/70b173.pdf
- http://theproccast.com/uploads/1/3/0/4/130478160/6381033.pdf
- http://actionhomerepair.com/uploads/1/3/0/5/130542996/1ea6c4cc.pdf
- http://drpatty.net/uploads/1/3/0/6/130604543/130604543.html#amd+phenom+9550
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00001053.binfe87fc4470faba0c9d533f362c2e0bd0ee73506912af80f83ef21b4fb735a32f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1053 | 8360 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.