MALICIOUS
Risk Score: 188
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded links, many of which are repeated and invisible, designed to trick the user into downloading a payload. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing campaign. The document body contains garbled text and a reference to 'Dainik jagran epaper pdf download', likely a lure to disguise the malicious links.
Heuristics 5
- Invisible/repeated PDF links deliver payload file (critical, PDF_REPEATED_PAYLOAD_LINK_LURE): PDF uses invisible link annotations and points to a direct payload download. Repeated invisible links or lure-like payload names such as document/unlock/verify archives match malware-delivery PDF carriers where the page is only a prompt and the real payload is fetched from the linked URL.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000446a.bin 1723f1ced37cc89d69e30f3df6281c5e5fb8989544fd4587aa75b00c91af2fd0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x446A | 1388 bytes |
| font_01_sfnt_off00004e2d.bin f26583e19dbe250a8b0320508bb9c9985fbd4f4426a02b8498dfe62cd14f8645 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E2D | 7248 bytes |
| font_02_sfnt_off00006a62.bin 9f68699c1c282eedcf9523ddac59f3646ff038d0d3b37cf52b4588ddb1663e78 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A62 | 16124 bytes |