MALICIOUS
Risk Score: 130
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the presence of a 'Download Now' lure strongly suggest a phishing or malware distribution attempt. The document body, though heavily obfuscated, contains references to downloading software, further supporting this conclusion.
Heuristics 4
-
Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
-
Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000048fa.bin 577453a0f4dfe19a65d161a2986f70f22be3c004dbdf75f7169e53e2ae31fc22 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x48FA | 8000 bytes |