MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. ClamAV identified this as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', and an ML classifier also flagged it as malicious. The document body, though heavily obfuscated, contains some of these URLs, reinforcing the link farm attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000107c.bin (444a6ccb06c1b122307130073eb544d5f9a2d30f471ec419264697d3d1d7afd1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x107C | 8000 bytes |