MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The file is a PDF containing multiple embedded URLs, identified by the PDF_URI heuristic. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly indicate malicious intent, likely phishing. The embedded URLs are the primary indicators of compromise, suggesting a lure to download further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://nweqf.com/uploads/1/3/0/6/130621707/3ca2d5b33dc7fb.pdf
- http://spiritofthehorsestables.com/uploads/1/3/0/6/130604887/8561661.pdf
- http://milotheclown.com/uploads/1/3/0/6/130639800/4915648.pdf
- http://ddeusa.com/uploads/1/3/0/3/130313388/jijodegimigigovixagi.pdf
- http://edgelandscapeandmaintenance.com/uploads/1/3/0/2/130289523/130289523.html#anemia+falciforme+genetica+recessiva
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000010fd.bin702c4a4b5f5e7391265a3fa92adfc8a10d05e2aa1167c88b104fd269210d126b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10FD | 11572 bytes |
font_01_sfnt_off0000846c.bin68ebea975fa2a80dc523585c500376769c9be9cb8c8404897e46f18d20b6acb0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x846C | 3032 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.