MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a mass external link farm, with 25 links pointing to other PDF files hosted on various domains. The document body, though heavily obfuscated, appears to be a lure related to medical test pricing, aligning with the 'SE_INVOICE_LURE' heuristic. The primary attack pattern involves directing users to download further malicious content, likely to distribute malware or conduct phishing. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Fake invoice / payment lure (low, SE_INVOICE_LURE): Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003dc4.bin 1276682e0163a519b8e1de6962b47f70eff9cea382aa82305c72735ce47b044a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3DC4 | 8932 bytes |