MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links to external PDF files hosted on various domains. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly suggest malicious intent. The document body, though heavily obfuscated, appears to be related to data import queries, potentially a lure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000578f.bin 2ad61d020f5fe168e663f4c6fb67e29461954f92e178a28d9bc778aad36b18d4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x578F | 8340 bytes |