MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The file is a PDF document identified as malicious by ML classifiers and ClamAV, specifically flagged as Pdf.Phishing.TtraffRobotInstall. The document body, though heavily obfuscated, suggests it is presented as a user guide to entice users. A key IOC is the external URI pointing to a suspicious domain, likely serving the malicious payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://jexeja.ssberprizee.info/uploads/2020/01/27/nowakenir.pdf
- https://pifamedoru.weebly.com/uploads/1/3/0/3/130379422/36c0341977c4b.pdf
- http://assentive.net/uploads/1/3/0/2/130291373/fivaxuwuka.pdf
- http://free-rein-ranch.com/uploads/1/3/0/4/130488666/3795923.pdf
- http://asburycropfarm.org/uploads/1/3/0/4/130489066/bebukonidivarowapar.pdf
- http://mindforyou.org/uploads/1/3/0/2/130272848/130272848.html#linksys+e2500+user+guide+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000102b.bin47f84e33cc3f2613def6c49a08640c4ed4b58d06ba38a2ed1a694c84725b2dac |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x102B | 7140 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.