MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document was flagged by ClamAV as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and exhibits a critical heuristic for a PDF link farm. The document body contains garbled text related to courier tracking, suggesting a lure. The numerous embedded URLs point to external PDF files, indicating a likely attempt to redirect users to malicious or SEO-manipulated content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000314c.bin ec0e507a64e3eca8e578a857bf5ee7ef374409ea338a2e95cc0d85edcfc5894d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x314C | 7956 bytes |