MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The file is a PDF document that contains multiple embedded URLs. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly indicate malicious intent, likely phishing or malware distribution. The embedded URLs point to external resources, suggesting a delivery mechanism for further malicious content. No scripts were extracted, but the PDF structure and embedded URIs are sufficient to infer a phishing or downloader attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://fonestalve.com/uploads/1/3/0/7/130776594/fikupeka-joviwelaguku-mipibel-gevetunodutazu.pdf
- http://dapilanuxa.tandifac.tech/uploads/2020/01/29/133107.pdf
- https://zofepomijatevid.weebly.com/uploads/1/3/0/2/130271229/bd6e608f496.pdf
- http://foundermachine.org/uploads/1/3/0/4/130478709/zevemo-diwefinexav-pirirolu.pdf
- http://parksphotography.co.nz/uploads/1/3/0/5/130589371/6adee60.pdf
- http://blockchainambassador.ca/uploads/1/3/0/4/130488286/130488286.html#perianal+abscess+treatment+uk
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000010cb.binecbc9e375b8d4273071d7a9068757aa721f01e945e4aed41084adbae1394e9f4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CB | 7652 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.