MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links likely lead to other PDF files hosted on various domains, suggesting a campaign to manipulate search engine results or distribute further malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000017fa.bin 5f6910bfe9414f644516be0cbf9543122707a91cd8dacb04bd90491d818754d3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17FA | 9228 bytes |