MALICIOUS
Risk Score: 192
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The PDF document contains a lure related to payment redirection or bank detail changes, a common tactic in business email compromise attacks. It also features a large number of external PDF links, suggesting it's part of a link farm designed to distribute malicious content. While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the lure strongly indicate a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Payment redirection / bank-detail change lure (high, SE_PAYMENT_REDIRECT_LURE): Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions, a high-value business-email-compromise pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- http://nof.newsvse.ru/uploads/2020/01/29/e68a8.pdf
- http://zusjesdeboertest.weebly.com/uploads/1/3/0/2/130287919/xadule.pdf
- http://cavumcloud.com/uploads/1/3/0/6/130621273/1577f26.pdf
- http://kunife.kardio-control.ru/uploads/2020/01/27/mumafiko.pdf
- http://brian-amos.com/uploads/1/3/0/3/130379429/5fa6ee1509.pdf
- http://raribuwik.paypal-myaccount.net/uploads/2020/01/27/resakaze.pdf
- http://gobutoje.pansionat-chaika.com/uploads/2020/01/28/metamakig-janewoton-xupitexofamel-zaxupe.pdf
- http://deluwutut.ekstra123.ru/uploads/2020/01/28/saxegimu.pdf
- http://tomebusiki.sapphiremarket.org/uploads/2020/01/28/fb6e68d8.pdf
- http://bukaka.coffee-cap24.info/uploads/2020/01/28/718541.pdf
- http://fanisaw.raz-ezzhaya.ru/uploads/2020/01/29/5d70e6af.pdf
- https://kubobitix.weebly.com/uploads/1/3/0/5/130551231/ropajifabumetirojezo.pdf
- http://room212productions.com/uploads/1/3/0/4/130476332/gumiwemekive.pdf
- https://vomojogugu.weebly.com/uploads/1/3/0/5/130539660/3868600.pdf
- http://tarar.shegaoncoaching.in/uploads/2020/01/28/9546605.pdf
- http://kiwefofuge.7gnomov.biz/uploads/2020/01/28/pegusokurimelurevof.pdf
- https://guvuninawimo.weebly.com/uploads/1/3/0/5/130589401/2471f04e01.pdf
- http://topfloor.space/uploads/2020/01/27/mezatujinukedu.pdf
- http://agouracouplestherapy.com/uploads/1/3/0/6/130621754/lomaxogameve.pdf
- http://sago.oprosniksell.xyz/uploads/2020/01/29/bovogukovoxurabimu.pdf
- https://zipafubavu.weebly.com/uploads/1/3/0/3/130313360/dojosi.pdf
- http://mountunionchurch.org/uploads/1/3/0/2/130270885/3684265c1c.pdf
- http://parkandvinyl.com/uploads/1/3/0/6/130621244/1482658.pdf
- https://gilikugezekide.weebly.com/uploads/1/3/0/5/130540246/c8d12936c799f1f.pdf
- http://airbrushinggourds.com/uploads/1/3/0/5/130589354/20759f66f6.pdf
- http://rebeccalaplacaattia.com/uploads/1/3/0/2/130288802/130288802.html#how+to+fill+sbi+account+opening+form+for+resident+individuals+part+1
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000178f.bin (digest dbcb9ebcb61ed4ebd6b6ac91496d6a826f9b1e749dc58a6c3cd670f6a6cc5783) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x178F | 7900 bytes |
| font_01_sfnt_off000072d4.bin (digest f31c439e28d0137206b91a151f21343900f846ed9ff070250fbe82eb1cc7da1d) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72D4 | 16204 bytes |