MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded URLs pointing to other PDF files, indicating a link farm or redirection scheme. ClamAV detected this as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', and ML classification strongly flagged it as malicious. The document body text is heavily corrupted, but the numerous external links suggest malicious intent to drive traffic or distribute further content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000033cd.bin c81dc40a87d870fa6347dbd6d594d8ba5afc99a2f59704bf2deac660e0577f56 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33CD | 8064 bytes |