MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded external links, detected by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, suggesting a coordinated effort to distribute content or manipulate search engine results. The ClamAV detection and ML classifier also strongly indicate maliciousness, with the ClamAV signature pointing towards a phishing or traffic redirection scheme.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003623.bin d1699901cac6fc6229472b1e9683f1575dabfd8cb10a5bdb3110381bb58cd110 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3623 | 7508 bytes |