Verdict: MALICIOUS
Risk Score: 160

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1203 Exploitation for Client Execution
This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The heuristic 'PDF_SEO_LINK_FARM' indicates the presence of numerous external links, suggesting a phishing or spamming campaign. The 'SE_DOWNLOAD_BUTTON' heuristic further supports the idea that the document is designed to trick users into downloading content. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9999
Heuristics (4)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0. ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure. Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URLs extracted:
- http://rapidrefillsantacruz.com/uploads/1/3/0/5/130543346/8744813.pdf
- http://invisiblehandconsulting.com/uploads/1/3/0/8/130813948/poninumavoj.pdf
- http://eleanorpersonaltraining.com/uploads/1/3/0/8/130814868/5277533.pdf
- http://enzymeforce.com/uploads/1/3/0/9/130969371/lufino.pdf
- http://occiv.com/uploads/1/3/0/5/130550915/luninemire-boleverax-gilivib-xejotakasur.pdf
- http://www.hedgehoggeneralstore.com/uploads/1/3/0/6/130621940/8d39d.pdf
- http://www.dmjmasonrywny.com/uploads/1/3/0/6/130621730/tagepaxoges.pdf
- http://shahrizai.com/uploads/1/3/0/9/130969323/peguduranefusiki.pdf
- http://queenalexandra78ave.com/uploads/1/3/0/6/130604528/3032842.pdf
- http://dearcharlytravel.com/uploads/1/3/0/2/130287503/pigakifobubudiri.pdf
- http://lifeandlandscapesphotography.com/uploads/1/3/0/6/130604923/wufukewezon.pdf
- http://faulknerproducerservices.com/uploads/1/3/0/9/130969774/7357895.pdf
- http://hellofriendrecords.com/uploads/1/3/0/6/130604944/lotonilisepato_wupoma_zomusalatu.pdf
- http://www.ochooked.com/uploads/1/3/0/4/130476317/doxunodofim_sasodex_xakiwolawen_mirotodo.pdf
- http://www.theheathrowhotel.com/uploads/1/3/0/6/130621850/juwaporukel_zijipavadoxa_buxalok_laviwetulipop.pdf
- http://webuildcapital.com/uploads/1/3/0/4/130476589/f63d6.pdf
- http://intelisched.com/uploads/1/3/0/6/130620690/lupil-kadavoru.pdf
- http://controlfreex.com/uploads/1/3/0/5/130539448/8824247.pdf
- http://threadsolelife.com/uploads/1/3/0/4/130436439/kafupud.pdf
- http://connectingcoffee.com/uploads/1/3/0/2/130270980/vezolowuroxaw-soverome.pdf
- http://carpetlands.com/uploads/1/3/0/6/130639161/14d81ecf0ae1c.pdf
- http://ioinnovative.com/uploads/1/3/0/7/130776500/gupajukupok.pdf
- http://kbckc.org/uploads/1/3/0/6/130639240/130639240.html#taj+company+16+line+quran+pdf+download
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00002cbd.bin | 5e39c824f7f4174c747a3bfc345858de070c227680d45ba38da573e9e7073750 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2CBD | 18244 bytes |
| font_01_sfnt_off00004b1b.bin | 3b1d8954ac8eea5e2575e8f8dbaf8caae091d2c9091f28f543b43d0a3d2d760c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4B1B | 8304 bytes |