Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. ClamAV also detected this file as Pdf.Phishing.TtraffRobotInstall-7605656-0, suggesting a phishing or traffic redirection intent. The ML classifier strongly agrees with the malicious verdict. The primary attack pattern involves redirecting users to a vast array of external PDF documents hosted on numerous domains.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003334.bin (6dc6e07f93ae70488a19e8a398a1c6cda2f5723fc3d3cbe180c5afbb10c3611e) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3334 | 2864 bytes |
| font_01_sfnt_off00003fbc.bin (123595519f13b9f524da6f51a7df1e27bf12758c0fc958ec62eb8919968f4cb0) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3FBC | 7788 bytes |