MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. The PDF_SEO_LINK_FARM heuristic indicates a large number of embedded external links, with the first identified link being http://mjacoby88.com/uploads/1/3/0/7/130738684/7652912.pdf. This suggests the document is designed to lure users into clicking these links, likely leading to phishing pages or further malware downloads.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://mjacoby88.com/uploads/1/3/0/7/130738684/7652912.pdf
- http://qutasa.com/uploads/1/3/0/8/130814526/lanunetezerasok.pdf
- http://mergeperfect.com/uploads/1/3/0/6/130605416/lurivepuna.pdf
- http://allstarroad.com/uploads/1/3/0/7/130776047/fcedc7342be08b.pdf
- http://andykennedyhomes.com/uploads/1/3/0/8/130815664/7750586.pdf
- http://neoshirtco.com/uploads/1/3/0/2/130271207/bison.pdf
- http://mossfrogoutfitters.com/uploads/1/3/0/6/130640063/develanurapena_mizimipesoguz_zakezipe.pdf
- http://midicicastlerock.com/uploads/1/3/0/7/130775843/pivevawusef.pdf
- http://justinbdennis.com/uploads/1/3/0/7/130776006/4538627.pdf
- http://musicspabox.com/uploads/1/3/0/6/130621431/431ec.pdf
- http://milledlogs.com/uploads/1/3/0/5/130541065/jexukivutema.pdf
- http://agoffacademy.com/uploads/1/3/0/5/130539022/312528.pdf
- http://miguelonmusicproductions.com/uploads/1/3/0/4/130435531/gozurebu_godopav_levonaw.pdf
- http://bluffcreekfarmsbedandbreakfast.com/uploads/1/3/0/7/130738722/lubibamevabekezunu.pdf
- http://liquorlawsvt.com/uploads/1/3/0/8/130814062/rirasosixula.pdf
- http://bethmccash.com/uploads/1/3/0/3/130313117/tixovab.pdf
- http://edmontonadr.com/uploads/1/3/0/5/130590724/zujogesunulem.pdf
- http://masterboon.org/uploads/1/3/0/7/130775328/sidezanoveneme-lujutiwaredupu-xuxuzavumed.pdf
- http://canyonman.org/uploads/1/3/0/2/130271121/7806515.pdf
- http://ilovestan.info/uploads/1/3/0/8/130873932/vefalaganewene-forotozo-bufitodononev.pdf
- http://chicagotoeflschool.com/uploads/1/3/0/6/130620736/tesin-gosaxifavet-zopipejup.pdf
- http://ponderosatree.com/uploads/1/3/0/6/130603731/rosalodunezevibevawo.pdf
- http://angelahardison.online/uploads/1/3/0/2/130289510/tarazunisigelibuta.pdf
- http://ancestryseekers.com/uploads/1/3/0/7/130740625/nepimifodil_sewegexegonivaj_fetiturefidapop_xuwetelefegamuk.pdf
- http://naturallifearchive.org/uploads/1/3/0/7/130775744/6764540.pdf
- http://beaverdamchurchonline.org/uploads/1/3/0/6/130605312/130605312.html#esl+vocabulary+worksheets
- http://neoshirt
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003c37.bin81d32fbda08254ebe620b86ad324ce2a2470d5472698e02dd71308f6558ecb33 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C37 | 8920 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.