MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded external links, a technique often used for SEO manipulation or to redirect users to malicious sites. ClamAV and ML heuristics confirm its malicious nature, specifically flagging it as phishing-related. The embedded URLs are the primary indicators of compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://outdoorkidsacademy.com/uploads/1/3/0/6/130640146/wadepelo-xevipatobe-memuju-jinazenoxabu.pdf
- https://vuxebiwuteloza.weebly.com/uploads/1/3/0/2/130271158/da998.pdf
- http://nkfanexperience.com/uploads/1/3/0/5/130544072/kogujagasozim_dawiduj_jitevazemug_desawisame.pdf
- http://crazyjean.com/uploads/1/3/0/4/130492038/2824009.pdf
- http://moodlabnewlife.nl/uploads/1/3/0/5/130551559/130551559.html#fireeye+cyber+security+report
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00001113.bina4a86db8717c4d5d175544c610ebd9a7c3b218c4725c4d3493d035ff7454ac32 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1113 | 9172 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.