MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV detected this as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', and a machine learning classifier also flagged it as malicious. The primary attack pattern involves directing users to a vast link farm of other PDFs.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004453.bin 43f96ca5596d42651626a593fba5e719d28ad81232e5ebf74be8539b3ca86977 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4453 | 11708 bytes |
| font_01_sfnt_off000112dd.bin a2bc39c107693ee7ed457f215cd0fad5d3adac8cd1e07908cfeba8447e6a9b6a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x112DD | 4992 bytes |