Malicious PDF — malware analysis report

Static analysis result for SHA-256 4cba52102ecfe220…

MALICIOUS

PDF

Size: 36.7 KB
Authoring application: Scribus
MD5: 830a1cd5f2e1ef031054b5afb809e8b2
SHA-1: ad14d59c0fbcbc79342ca46d4cecf78c897ca739
SHA-256: 4cba52102ecfe220a1ad1579e1f3257f2861b7626fb513f860cd0fdafa2be505
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1566.002 Spearphishing Link

The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, suggesting a coordinated effort to distribute malicious content or redirect users to phishing sites. The ClamAV detection further confirms the malicious nature of the file, classifying it as Pdf.Phishing.TtraffRobotInstall. The embedded document body text is heavily obfuscated and does not provide clear intent beyond the link farm.

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL info (ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00002fe3.bin (39ac8285d03cf4386085faded91e53a7401f4c1ca5e2465130dbc346f433be6d)
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x2FE3
Size: 7872 bytes