MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. The PDF_SEO_LINK_FARM heuristic indicates the presence of a large number of external links, with the primary domain being keyofkaye.com. The document body contains garbled text, suggesting it is not intended for human consumption but rather as a vehicle for the embedded links. The primary attack pattern involves directing users to a vast network of external PDF files.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000441e.bin fb739920b03d31f98d6c802f94a8c96f8f7399a50353c5efc5889ce40317c481 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x441E | 8076 bytes |