MALICIOUS (Risk Score: 140)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF files. One of these links, http://casparmckeever.com/uploads/1/3/0/5/130547340/5959092.pdf, is highlighted as the first URL in the link farm. The SE_CALLBACK_LURE heuristic suggests a phishing or tech-support scam context, likely aiming to trick users into clicking the links. The ClamAV detection further confirms its malicious nature as Pdf.Phishing.TtraffRobotInstall-7605656-0.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://casparmckeever.com/uploads/1/3/0/5/130547340/5959092.pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001819.bin (53f94ddbb38bbe544345f033d75d7e4c75d8006ac100ca463760cc6cc1cbccf3) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1819 | 8500 bytes |