Verdict: MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The PDF was flagged by three independent sources: a ClamAV signature, an ML classifier, and a structural heuristic. The dominant pattern is a large number of clickable external links in a small file, identified as PDF_SEO_LINK_FARM. No scripts were extracted, so the risk is not code execution on open; it is that a user who clicks one of the links is routed into a chain that delivers malware or unwanted software, or lands on a phishing page. All 26 extracted URLs share the same /uploads/1/3/0/<digit>/<nine-digit id>/ path shape on different hosts (25 point at further .pdf files, one at an .html page carrying a search-phrase fragment), which points to generated cross-linking rather than genuine citations. The document body is garbled filler text plus URLs, consistent with a generated carrier rather than a real document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (3)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. The PDF is small but contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0.
- EMBEDDED_URL (info): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs (26):
- http://ingeniouspictures.com/uploads/1/3/0/4/130483337/ad28b4e.pdf
- http://redbrickpro.com/uploads/1/3/0/5/130540021/3407785.pdf
- http://dev.moabgear.com/uploads/1/3/0/5/130588843/3375805.pdf
- http://oratert.host/uploads/1/3/0/7/130776447/9384279.pdf
- http://capitolhillclubmembers.com/uploads/1/3/0/6/130604894/rewefasejozasedivub.pdf
- http://meredithbledsoephd.com/uploads/1/3/0/2/130272577/xibadejusibi.pdf
- http://swag-walk.com/uploads/1/3/0/7/130775923/taboli.pdf
- http://northmiresouces.org/uploads/1/3/0/4/130435850/77ddd5.pdf
- http://thehot-boxcompany.com/uploads/1/3/0/5/130543837/3937f0d.pdf
- http://shapenv.com/uploads/1/3/0/7/130776078/d817eb477b36.pdf
- http://rrrtag.com/uploads/1/3/0/3/130379118/zifonamusezotis_rirolidamidat_jojolo_megupamizupib.pdf
- http://wiredweird.net/uploads/1/3/0/6/130639781/c3b6d09b9c5d7.pdf
- http://greshambankruptcyattorney.com/uploads/1/3/0/2/130287314/3442422.pdf
- http://akakeb.com/uploads/1/3/0/6/130621248/zizevavufegenabuguw.pdf
- http://designsbydorian.biz/uploads/1/3/0/2/130273980/labevan.pdf
- http://therightpickguitarlessons.com/uploads/1/3/0/6/130604737/wegejopakopim.pdf
- http://neucareers.com/uploads/1/3/0/3/130323253/dofixaki-dipamigomolur.pdf
- http://pineapplecoffeeandtea.com/uploads/1/3/0/3/130379902/soxewunipovovaradek.pdf
- http://shanleighhair.com/uploads/1/3/0/6/130621918/kovuta.pdf
- http://uberscrudu.com/uploads/1/3/0/7/130739210/96c1b5879f9.pdf
- http://moonlight.gffgrow.org/uploads/1/3/0/6/130640081/zebaz.pdf
- http://camptexas.com/uploads/1/3/0/4/130489386/5294547.pdf
- http://nudevember.net/uploads/1/3/0/6/130604181/lurutegigutalu_riripulup.pdf
- http://mrjohnmiddleton.com/uploads/1/3/0/3/130379412/6164130.pdf
- http://kcdermodywriter.com/uploads/1/3/0/5/130544295/5824780.pdf
- http://www.oceansexperiment.com/uploads/1/3/0/6/130603965/130603965.html#dallas+airport+map+terminal+c+to+b
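The PDF_SEO_LINK_FARM and EMBEDDED_URL findings above can be reproduced with a byte-level scan of the file. The following is an added example, not the analyzer's code: it builds a constructed minimal PDF (made-up hostnames, no xref table) and then separates URLs reached through /URI link annotations from URLs that merely occur in the document body, which is the channel distinction the EMBEDDED_URL note refers to. The thresholds in link_farm_score (file size, link count, share of links on the top host) are assumptions chosen to illustrate the heuristic's wording, not the analyzer's values.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed, minimal PDF builder (no xref table): one page, an optional text
# string in the content stream, and one /Link annotation per URL. It is enough
# for byte-level scanning; it is not meant to open cleanly in a viewer.
def build_pdf(link_urls, body_text=""):
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
    ]
    annots = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                b"/Contents 4 0 R /Annots [" + annots + b"] >>")
    content = b"BT /F1 12 Tf 72 700 Td (" + body_text.encode("latin-1") + b") Tj ET"
    objs.append(b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream")
    for url in link_urls:  # objects 5.. are the link annotations
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (" + url.encode("latin-1") + b") >> >>")
    out = [b"%PDF-1.4"]
    for num, body in enumerate(objs, start=1):
        out.append(b"%d 0 obj\n" % num + body + b"\nendobj")
    out.append(b"%%EOF")
    return b"\n".join(out)

# /URI actions with a literal-string operand (hex-string operands are not handled).
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Any http(s) URL in uncompressed bytes (content streams, metadata, comments).
TEXT_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")

def extract_urls(pdf):
    """Return [(channel, url)] with channel 'link-annotation' or 'document-body'."""
    found, annot_spans = [], []
    for m in URI_RE.finditer(pdf):
        url = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
        found.append(("link-annotation", url.decode("latin-1")))
        annot_spans.append((m.start(), m.end()))
    for m in TEXT_URL_RE.finditer(pdf):
        if any(s <= m.start() < e for s, e in annot_spans):
            continue  # same bytes already attributed to a link annotation
        found.append(("document-body", m.group(0).decode("latin-1")))
    return found

def link_farm_score(pdf, min_links=5, max_size=64 * 1024, cluster_ratio=0.6):
    """Assumed thresholds (not the analyzer's): a small PDF with many clickable
    external links, most of them on one host, is flagged PDF_SEO_LINK_FARM."""
    urls = extract_urls(pdf)
    links = [u for ch, u in urls if ch == "link-annotation"]
    hosts = Counter(urlsplit(u).hostname for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(links) if links else 0.0
    return {
        "size": len(pdf),
        "links": len(links),
        "body_urls": sum(1 for ch, _ in urls if ch == "document-body"),
        "top_host": top_host,
        "top_host_share": share,
        "PDF_SEO_LINK_FARM": (len(pdf) <= max_size and len(links) >= min_links
                              and share >= cluster_ratio),
    }

# Constructed samples with made-up hostnames: a link-farm carrier and a
# normal document with two citation links.
FARM_LINKS = ["http://farm.example/uploads/1/%d.pdf" % i for i in range(8)] + [
    "http://other.example/a.pdf", "http://another.example/b.pdf"]
SAMPLE_FARM = build_pdf(FARM_LINKS, "see http://body-host.example/x.pdf")
SAMPLE_NORMAL = build_pdf(["https://doi.example/10.1/abc",
                           "https://publisher.example/paper"], "References")

if __name__ == "__main__":
    for name, pdf in (("farm", SAMPLE_FARM), ("normal", SAMPLE_NORMAL)):
        print(name, link_farm_score(pdf))
        for channel, url in extract_urls(pdf):
            print("   ", channel, url)
```

Two caveats when running this against real samples: content streams are normally FlateDecode-compressed and annotations may live in object streams, so decompress each stream (or use a PDF parser) before the regex pass, and the URL count alone is not a verdict, which is why the score combines size, count and host concentration and why the body URL is reported under its own channel.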
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000129b.bin | 94fd3860007b11b51f101969b485b7d2166885416b0018f1f6b25bf688a3ce7d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x129B | 8632 bytes |
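How a carver arrives at an artifact like the one above (an sfnt font at a byte offset, with a length and a hash) can be shown with a magic-byte scan followed by validation of the sfnt table directory. This is an added example, not the analyzer's carver: the container bytes, the font tables, the two decoy matches and the sanity limit of 64 tables are constructed assumptions, and artifact_name only mirrors the font_NN_sfnt_offXXXXXXXX.bin naming visible in the report.

```python
import hashlib
import re
import struct

SFNT_VERSIONS = {0x00010000, 0x74727565, 0x4F54544F}   # TrueType 1.0, 'true', 'OTTO'
SFNT_MAGIC = re.compile(rb"\x00\x01\x00\x00|true|OTTO")

def sfnt_length(buf, off):
    """Parse the sfnt offset table and table directory at buf[off:] and return
    the font's byte length (end of the furthest table, 4-byte aligned), or
    None when the bytes at off do not form a sane header."""
    if off + 12 > len(buf):
        return None
    version, num_tables = struct.unpack_from(">IH", buf, off)
    if version not in SFNT_VERSIONS or not 1 <= num_tables <= 64:
        return None
    dir_end = 12 + 16 * num_tables
    end = dir_end
    for i in range(num_tables):
        rec = off + 12 + 16 * i
        if rec + 16 > len(buf):
            return None
        _tag, _checksum, t_off, t_len = struct.unpack_from(">4sIII", buf, rec)
        # Tables must follow the directory and fit inside the container.
        if t_off < dir_end or off + t_off + t_len > len(buf):
            return None
        end = max(end, (t_off + t_len + 3) & ~3)
    return end

def carve_sfnt_fonts(buf):
    """Return [(offset, length, sha256)] for every embedded sfnt font found by
    magic-byte scan plus directory validation."""
    found = []
    for m in SFNT_MAGIC.finditer(buf):
        length = sfnt_length(buf, m.start())
        if length is not None:
            blob = buf[m.start():m.start() + length]
            found.append((m.start(), length, hashlib.sha256(blob).hexdigest()))
    return found

def artifact_name(index, offset):
    """Name in the report's style, e.g. font_00_sfnt_off0000129b.bin for 0x129B."""
    return "font_%02d_sfnt_off%08x.bin" % (index, offset)

def build_sfnt(tables):
    """Constructed TrueType-style blob: offset table, directory, 4-byte padded
    table bodies. searchRange/entrySelector/rangeShift are left zero."""
    n = len(tables)
    header = struct.pack(">IHHHH", 0x00010000, n, 0, 0, 0)
    dir_len = 12 + 16 * n
    records, bodies = b"", b""
    for tag, data in tables:
        records += struct.pack(">4sIII", tag, 0, dir_len + len(bodies), len(data))
        bodies += data + b"\0" * (-len(data) % 4)
    return header + records + bodies

# Constructed container: a PDF fragment with two decoys (a 00 01 00 00 run in a
# comment and the literal 'true' in a dictionary) and one real font stream,
# stored uncompressed so that the scan sees the font bytes directly.
FONT = build_sfnt([(b"head", bytes(range(54))), (b"name", b"Constructed")])
PDF_PREFIX = (b"%PDF-1.4\n%\x00\x01\x00\x00\x7f\xff decoy bytes in a comment\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /MarkInfo << /Marked true >> >> endobj\n"
              b"9 0 obj << /Length " + str(len(FONT)).encode() + b" /Subtype /TrueType >>\nstream\n")
FONT_OFFSET = len(PDF_PREFIX)
SAMPLE_PDF = PDF_PREFIX + FONT + b"\nendstream\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for i, (off, length, digest) in enumerate(carve_sfnt_fonts(SAMPLE_PDF)):
        print(artifact_name(i, off), "offset 0x%X" % off, "%d bytes" % length, digest)
```

The directory check is what keeps the scan honest: the byte sequence 00 01 00 00 and the word true both occur in ordinary PDF data, and without validating the table count and table bounds both decoys would be carved as fonts. Real embedded fonts usually sit in FlateDecode streams, so in practice each stream is decompressed before this scan runs.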