MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file was flagged by multiple heuristics, including a critical rule for a mass external PDF link farm and a ClamAV detection for phishing. The document body is heavily obfuscated, but the embedded URLs and the PDF_SEO_LINK_FARM heuristic indicate a likely attempt to manipulate search engine results or distribute malicious content via numerous external PDF links. The presence of many unknown-reputation URLs suggests a campaign to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00002065.bin 88bfb75b47fb138b6f61cabc56bbedecc79fcb7c35658b73dc2e91828e0934b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2065 | 8768 bytes |
| font_01_sfnt_off00003e72.bin 5071a36c410dfb3074ba309801be9344c098aef2a30a6d87ddb80dbc0354c4aa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E72 | 7480 bytes |