MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of external links, many of which point to other PDF files, suggesting a link farm designed for SEO manipulation or to host malicious content. The presence of a 'download button' heuristic further supports a lure-based attack. ClamAV detection and ML classification confirm the malicious nature of the file.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003867.bin (60355cc68cb3e750ddcac96750accb574b0596e2438b4474bab9686e30e0ed30) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3867 | 8692 bytes |