MALICIOUS
Risk Score: 192
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a large number of external links, many of which point to other PDF files hosted on suspicious domains. The document body, though partially corrupted, suggests a lure related to internship applications, aiming to trick users into clicking these links. The presence of numerous SEO-optimized links and the ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall' strongly indicate a phishing or malicious content distribution scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- PDF link to algorithmically-generated URL (high, PDF_RANDOM_URL_LINK): PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures (the visible document is only a prompt), not a PDF parser vulnerability.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000184a.bin 948dfd9f1a5e9f5f5932fc5ab3bf87c42ea9fc49a59bc91e27d4758b2a576805 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x184A | 8580 bytes |