Malicious PDF — malware analysis report

Static analysis result for SHA-256 447d7e2f8c1e7ec0…

MALICIOUS

PDF

File size: 35.0 KB
Authoring application: PDF Studio
MD5: bd7bd2c28ae6969fd6eb2599e4c8fdb9
SHA-1: e2e44da3e3289f4d67b7031083ee45a8e574ad9b
SHA-256: 447d7e2f8c1e7ec0f713165dcd94a7c6aae635cbace9cede9b965641fceca89d
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by multiple heuristics, including a critical rule for a link farm and a machine learning classifier. ClamAV identified it as Pdf.Phishing.TtraffRobotInstall-7605656-0. The document body contains numerous embedded URLs, indicating a likely phishing or redirection attempt to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00003159.bin (d1a08e5dcbc97e828fa54449f419793213c45bb8528a85e0d45a6d57287af4d4)
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x3159
Size: 7936 bytes