MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The PDF file contains a large number of external links to other PDF files, indicating a link farm designed to distribute malicious content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports its malicious nature. The document body, though partially corrupted, suggests a lure related to a motivation letter, likely to trick users into clicking the embedded links and downloading further malicious payloads.
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://ziji.sally-girl.pw/uploads/2020/01/27/tuliz.pdf
- http://propiedadesfibrastextiles.com/uploads/2020/01/27/pufixi_bazeg_basizowevex.pdf
- http://kimonomer.tahocentr.ru/uploads/2020/01/27/5378558.pdf
- http://mylifebuilder.org/uploads/1/3/0/3/130323329/vavekikalazok-rofozunig-vetasogibufeve-jexixeposu.pdf
- http://southerngirlcoffee.com/uploads/1/3/0/6/130603945/170236.pdf
- http://loveunitylife.com/uploads/1/3/0/4/130483805/dugibepobetifo.pdf
- http://landscapedreaming.com/uploads/1/3/0/2/130271080/fajedowumi-gazevozev-wevabevorug-vanibu.pdf
- http://gezoz.fabrika-perchatok.com/uploads/2020/01/27/muxoxopeku_xinenobadozigo_suket.pdf
- http://bababa.vmeshatelstva-na-trubah-yaichnikah.ru/uploads/2020/01/27/5010095.pdf
- http://mrkdenton.com/uploads/1/3/0/5/130539130/mosofelidevej-patof.pdf
- http://alexandriamooneyjones.com/uploads/1/3/0/3/130379488/fowuni.pdf
- http://47ranchoregon.com/uploads/1/3/0/4/130435925/3a1b9267f91b9.pdf
- https://xapizawawejux.weebly.com/uploads/1/3/0/5/130590233/33f596252d.pdf
- http://powi.comparatuapuesta.com/uploads/2020/01/28/4876220.pdf
- http://msert.net/uploads/1/3/0/5/130551013/9986622.pdf
- http://relono.lspd-fivelife.fr/uploads/2020/01/27/xigiguvimegix.pdf
- http://southernservices1.com/uploads/1/3/0/3/130323423/ef1b8ab3e.pdf
- https://gumufofokiv.weebly.com/uploads/1/3/0/3/130313400/fukekus_negugadunagele_vijutulixus_mejowunase.pdf
- http://mrmanoharan.com/uploads/1/3/0/6/130621812/vugod.pdf
- https://bojotuduxo.weebly.com/uploads/1/3/0/2/130272387/2909288.pdf
- http://sandyburlesoneportfoliowfu.com/uploads/1/3/0/6/130620752/detezokolulizif.pdf
- http://tahoetimbersledtours.com/uploads/1/3/0/6/130620313/dujulafibipemogi.pdf
- http://creatingtheconditionsfortransformation.com/uploads/1/3/0/4/130435781/deruriguniga.pdf
- http://rechtspraak-republieknl-aarde.space/uploads/1/3/0/2/130287960/fenegarudonoraj_moperura.pdf
- http://oakclass.com/uploads/1/3/0/6/130621123/130621123.html#motivation+letter+for+job+application+pdf
- http://relono.lspd-fivelife.fr/uploads/2020/01/27/xigiguvim
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000012cb.bin27c61bc6a639353ca14a5bfbdabe92e5f7ffdbd04acf37f545c619257a6fb79e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12CB | 8216 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.