MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this file as Pdf.Phishing.TtraffRobotInstall-7605656-0, and a machine learning classifier also flagged it as malicious. No scripts were extracted from this sample, but the extensive link farm suggests a phishing or malicious content distribution vector.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000039f1.bin bdb984affd527b724bf44a8a46ca5706fab0fa1bfb115e7ce384788400ce4571 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x39F1 | 7820 bytes |