MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. The PDF_SEO_LINK_FARM heuristic identified a large number of external links, with the primary domain being stagesphere.com. These links likely serve as a lure to redirect users to malicious sites, consistent with phishing or malware distribution campaigns. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00000fb3.bin e6961c7951f7c941911d40c3810e3755bb04c8f4dce44eb5c8a4bf9eeb27772d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB3 | 8004 bytes |
| font_01_sfnt_off00006d04.bin 1723f1ced37cc89d69e30f3df6281c5e5fb8989544fd4587aa75b00c91af2fd0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D04 | 1388 bytes |
| font_02_sfnt_off00007717.bin 5f6fc357793503ca2f3a82652787b80c7f3c5c9aa7a1fcc669bc4c56675476e6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7717 | 15256 bytes |
| font_03_sfnt_off00009ffe.bin 355b6b1187c2061b4b6afeabe291405b20f764735e94fdafd1b42d85cb8f85a9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9FFE | 12172 bytes |