MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, each hosting a PDF file with a numeric slug in its path. This pattern suggests an attempt to manipulate search engine results or distribute malicious content through a link farm. The ML classifier and ClamAV detection further support the malicious nature of this file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000010c6.bin 002c7b34e6cf577ed544fe4cd91bcf2f6a4d8f46b7b9d006255c6d83fbf32666 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10C6 | 9332 bytes |
| font_01_sfnt_off00008a63.bin 1c4df7cb2ec2e4b76a2e5bfd4a7ec188bfc3076f8a2f1e90c1edf5be962d6f0b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A63 | 16512 bytes |