MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ClamAV detection (Pdf.Phishing.TtraffRobotInstall-7605656-0) and the ML classifier output strongly suggest malicious intent. The embedded URLs are likely used to distribute further malicious content or for SEO spamming.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off000058cb.bin b514fd8cc63ad9e749f69936230c1c2bf0773f94f5441a32f3e393ebf7cffcfc | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x58CB | 18840 bytes |
| font_00_sfnt_off000016dc.bin 5e6b080f905d4f6e1d823fb21d4e683393cb16a5c65cdd830995b0f3244f4f21 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16DC | 7688 bytes |