MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded URLs pointing to other PDF files, indicating a link farm or a distribution mechanism for further content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the critical heuristic 'PDF_SEO_LINK_FARM' strongly suggest malicious intent, likely related to phishing or traffic redirection. No scripts were extracted, but the structure and embedded URLs are sufficient to infer the attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000182d.bin e1fd935585d139d99fbdf9ac34b99770c6d3012d0b7f3a70f0a6cd64b9a539fb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x182D | 8456 bytes |
| font_01_sfnt_off00007518.bin b46a2962b81877f921f80e7256dd844f05ce4df28b49cba209514fa1e1f6605d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7518 | 16100 bytes |
| font_02_sfnt_off0000897c.bin e2f1373bf3d70a40ff4276a486f0a1d2d32154e4f45ad1243a44c3d3b7d91cea | pdf-font-stream | PDF embedded font (sfnt) at offset 0x897C | 2652 bytes |
| font_03_sfnt_off000092ff.bin fb1fc0b5832b63896e67e59bd987f4e08fe379beef375386958a2df622cb68d5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x92FF | 9888 bytes |