MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF was flagged by multiple heuristics, including a critical alert for a link farm containing 28 external PDF links, and a high-confidence ML classification. The embedded URLs, such as http://estadosdepagos.com/uploads/1/3/0/7/130776898/4776258.pdf, strongly suggest a phishing or malware distribution attempt by redirecting users to potentially malicious content. No scripts were extracted, but the sheer volume of linked PDFs indicates a coordinated effort to lure victims.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://estadosdepagos.com/uploads/1/3/0/7/130776898/4776258.pdf In PDF document text
- http://washingtonchoice.org/uploads/1/3/0/3/130323930/kadivetuxosiv.pdfIn PDF document text
- http://poeonline.net/uploads/1/3/0/5/130588266/4662126.pdfIn PDF document text
- http://letmejustwrite.com/uploads/1/3/0/6/130640150/zuxelikisenu.pdfIn PDF document text
- http://canniny.com/uploads/1/3/0/4/130435746/sigoveguj-tobexawuz-jonewofofunusi.pdfIn PDF document text
- http://thefilterswap.com/uploads/1/3/0/8/130874009/tuluresazakozop.pdfIn PDF document text
- http://ardmoreccc.org/uploads/1/3/0/6/130620958/makimugemel-dutitixirijas-muxezukaroja.pdfIn PDF document text
- http://shrinedads.com/uploads/1/3/0/3/130379354/2684764.pdfIn PDF document text
- http://kenkeefe.com/uploads/1/3/0/5/130543133/logeruniwefetekifomi.pdfIn PDF document text
- http://rentsfnow.net/uploads/1/3/0/2/130288644/polaga.pdfIn PDF document text
- http://jalksjdlfkjslkjf01.space/uploads/1/3/0/7/130775392/nifomozupewiso_fapodukiri_gopibujim.pdfIn PDF document text
- http://riotthink.com/uploads/1/3/0/5/130588518/fevinelus.pdfIn PDF document text
- http://jerseyreach.net/uploads/1/3/0/4/130476076/0513c624a.pdfIn PDF document text
- http://cladnh.com/uploads/1/3/0/3/130313108/lokifatodabuwefib.pdfIn PDF document text
- http://httpwww.muzzlemagazine.com/uploads/1/3/0/6/130639110/130639110.html#abdomen+anatomy+ct+scanIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00001560.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1560 | 8688 bytes |
SHA-256: aa80f1ba47fc7dbc4cb0158fd14dab8e1f82f63c4ba1f7d87f80c05020880422 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.