MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links, identified as a link farm, suggesting a phishing or SEO manipulation tactic. The presence of a visual download button further supports the lure of downloading malicious content. ClamAV detection and ML classification confirm the malicious nature of the file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000194a.bin 6af69dac27ad4b0f8e2039162ec38b776eff42ebf3993d5ef230d3759dd6cacc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x194A | 8044 bytes |