Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.001 Phishing: Spearphishing Attachment
- T1204.001 User Execution: Malicious Link
The PDF was flagged by three independent signals: a ClamAV signature match, an ML classifier score of 0.9992, and the PDF_SEO_LINK_FARM heuristic. The heuristic identified a large number of external links in a small document, with the dominant host being jaxifi.remstroi-metal.ru. Taken together, these indicate that the document is not a normal citation-bearing file but a lure whose purpose is to redirect users to potentially harmful content hosted at those external URLs.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9992
Heuristics (3)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. The PDF is small yet contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV signature Pdf.Phishing.TtraffRobotInstall-7605656-0. ClamAV detected this file as malware.
- EMBEDDED_URL (info): Embedded URLs. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
  - http://jaxifi.remstroi-metal.ru/uploads/2020/01/28/3c3aaa.pdf
  - http://beautyh.pro/uploads/2020/01/28/bofosop.pdf
  - http://dalidiwe.brainit.ru/uploads/2020/01/27/bapujafove.pdf
  - http://bogolist.com/uploads/1/3/0/6/130639133/3401252.pdf
  - https://joginezugetugu.weebly.com/uploads/1/3/0/5/130588304/2a53a38.pdf
  - http://regalbakeryusa.com/uploads/1/3/0/6/130621865/juzezadilomojem_poxesemogajumi.pdf
  - https://fujoramewozige.weebly.com/uploads/1/3/0/5/130551585/bagexixim-midakox-lafosoxurak.pdf
  - http://dvoretc-masterov.ru/uploads/2020/01/28/5870480.pdf
  - http://matakanacommunitygroup.online/uploads/1/3/0/3/130312920/telibuvowoxazenebi.pdf
  - https://nigudesamad.weebly.com/uploads/1/3/0/3/130379523/kupakofadasi-divamudikejerox-pisirepuzulak-xutamalezasusur.pdf
  - http://cakepopsbymaggie.com/uploads/1/3/0/5/130543980/xoduraz_sugokajamebexud.pdf
  - http://quietpoppy.com/uploads/1/3/0/5/130590096/602280.pdf
  - http://diocesanconvention2018.org/uploads/1/3/0/2/130291591/ropom-nexidovulavojen-fusukutovad.pdf
  - http://moveonidiomes.com/uploads/1/3/0/4/130435649/2506593.pdf
  - http://manchesterrecreationassociation.net/uploads/1/3/0/5/130538995/banizi-lezujujotamoge-dogogo.pdf
  - http://sazawav.aerogarant.moscow/uploads/2020/01/29/8523947.pdf
  - http://missrosieweddingsandevents.com.au/uploads/1/3/0/5/130590117/niwedax_kogekipuxozuno_nugapola_pites.pdf
  - http://dedrickenterprises.com/uploads/1/3/0/5/130539270/xasezosis_zejev_jabizeviziwi_nefub.pdf
  - http://seed2bowlfarm.com/uploads/1/3/0/5/130588294/130588294.html#elsword+bluhen+guide
  - http://missrosieweddingsandevents.com.au/uploads/1/3/0/5/1305901
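The PDF_SEO_LINK_FARM heuristic above is described only in words. The following Python is an added example, not the analyzer's own code, of how such a check can be implemented: it pulls the targets of /URI link annotations out of an uncompressed PDF, counts external links per host, and flags the file when a small document carries many external links concentrated on one host. The make_pdf helper, the sample URLs (example.* hosts) and the thresholds are constructed assumptions, not the analysed sample's content or the analyzer's tuned values.

```python
"""Link-farm heuristic over a PDF's /URI link annotations.

Added example, not the analyzer's own code. Thresholds and sample PDFs are
constructed for illustration; only literal-string /URI actions in
uncompressed objects are parsed (a real pipeline inflates object streams
and decodes hex strings first).
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# /A << /S /URI /URI (literal string) >> ; literal strings may escape ')' as '\)'
URI_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def make_pdf(urls):
    """Build a minimal, uncompressed one-page PDF with one /Link annotation per URL.
    Constructed test input only; not derived from the analysed sample."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    refs = b" ".join(b"%d 0 R" % (4 + i) for i in range(len(urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
                + refs + b"] >>")
    for i, url in enumerate(urls):
        y = 700 - 16 * i
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [72 %d 400 %d] "
                    b"/A << /S /URI /URI (%s) >> >>" % (y, y + 12, url.encode()))
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref_at)
    return bytes(out)


def extract_uri_links(pdf):
    """Return the target of every /Link annotation whose action is a /URI literal string."""
    links = []
    for m in URI_RE.finditer(pdf):
        raw = m.group(1).decode("latin-1")
        links.append(raw.replace("\\(", "(").replace("\\)", ")"))
    return links


def link_farm_verdict(pdf, max_size=100_000, min_links=10, cluster_ratio=0.6):
    """Flag a small PDF whose external links are numerous and concentrated on one host.

    Thresholds are illustrative assumptions, not the analyzer's tuned values:
    a legitimate paper cites many hosts; a generated link-farm carrier is
    small, dense with http(s) links, and most of them point at one host.
    """
    links = extract_uri_links(pdf)
    external = [u for u in links if u.lower().startswith(("http://", "https://"))]
    hosts = Counter(urlsplit(u).hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external) if external else 0.0
    flagged = (len(pdf) <= max_size and len(external) >= min_links
               and share >= cluster_ratio)
    return {
        "size": len(pdf),
        "external_links": len(external),
        "distinct_hosts": len(hosts),
        "top_host": top_host,
        "top_host_share": round(share, 2),
        "flagged": flagged,
    }


# Constructed samples: a link-farm carrier (9 of 12 links on one host) and a
# normal document with a few citations spread across hosts.
FARM_URLS = ["http://links.example.net/uploads/2020/01/28/%02x.pdf" % i for i in range(9)] + [
    "http://other-a.example.org/uploads/1/3/0/5/x.pdf",
    "https://other-b.example.com/uploads/1/3/0/6/y.pdf",
    "http://other-c.example.net/uploads/z.pdf",
]
NORMAL_URLS = ["https://doi.example.org/10.1000/182",
               "https://www.example.com/paper.pdf",
               "mailto:author@example.com"]
FARM_PDF = make_pdf(FARM_URLS)
NORMAL_PDF = make_pdf(NORMAL_URLS)

if __name__ == "__main__":
    for name, pdf in (("farm", FARM_PDF), ("normal", NORMAL_PDF)):
        print(name, link_farm_verdict(pdf))
```

The regex path is deliberately narrow: real samples often keep annotations inside FlateDecode object streams or encode the URI as a hex string, so a production check runs the same host-clustering logic over links recovered by a full PDF parser. The thresholds express the heuristic's three conditions (small file, many external links, one dominant host) as numbers; tune them against a corpus of benign documents before relying on the verdict.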
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00001a4b.bin | 95cbcbab9dbd021e15737e0a28e852c172afdffc99f2e6e2926eb72c56b20208 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A4B | 9368 bytes |
| font_01_sfnt_off00009bd9.bin | 3cf2e61d6a9a17d67058092f735344da68aafd773256a5c2a16702179a7e0181 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9BD9 | 1764 bytes |
| font_02_sfnt_off0000a3fe.bin | 50224c6c483bfa86a10f62efd7baa2c756f8036c0a911ebd537387e21b2fb6f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA3FE | 2732 bytes |
| font_03_sfnt_off0000acfe.bin | 779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xACFE | 16036 bytes |
| font_04_sfnt_off0000c229.bin | 4945efb75d44f8d086bbae062e4bd2fd76c9f46ce2d297a3bf145b98d4971634 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC229 | 10444 bytes |
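To reproduce rows of the artifact table independently, here is an added Python example, not the analyzer's carving code, that finds sfnt font headers in a byte buffer, validates the offset table and table directory, derives the blob length from the directory, and reports each hit with the same filename, offset and SHA-256 conventions the table uses. The two-table font and the PDF fragment around it are constructed; the sanity limits (MAX_TABLES, printable tags, in-bounds tables) are assumptions chosen so that a stray magic match such as the PDF keyword true is rejected rather than carved.

```python
"""Carve and sanity-check embedded sfnt (TrueType/OpenType) fonts from a PDF.

Added example, not the analyzer's carving code. It locates sfnt headers by
magic, validates the offset table and table directory, derives the blob
length from the directory, and reports offset, length and SHA-256 in the
shape of the artifact table. All sample bytes are constructed.
"""
import hashlib
import struct

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")  # TrueType 1.0, Apple 'true', CFF OpenType
MAX_TABLES = 64  # assumed upper bound; real fonts carry far fewer tables


def build_sfnt(tables):
    """Constructed test input: a minimal well-formed sfnt with the given (tag, data) tables."""
    n = len(tables)
    header = struct.pack(">IHHHH", 0x00010000, n, 0, 0, 0)
    offset = 12 + 16 * n
    directory, bodies = b"", b""
    for tag, data in tables:
        padded = data + b"\0" * (-len(data) % 4)  # table data is 4-byte aligned
        directory += struct.pack(">4sIII", tag, 0, offset, len(data))
        bodies += padded
        offset += len(padded)
    return header + directory + bodies


def parse_sfnt(buf, off):
    """Return {offset, length, tables} if a sane sfnt starts at off, else None."""
    if off + 12 > len(buf) or buf[off:off + 4] not in SFNT_MAGICS:
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 0 < num_tables <= MAX_TABLES:
        return None
    dir_end = 12 + 16 * num_tables
    if off + dir_end > len(buf):
        return None
    end, tables = dir_end, []
    for i in range(num_tables):
        tag, _csum, t_off, t_len = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        if not all(0x20 <= c < 0x7F for c in tag):            # tags are printable ASCII
            return None
        if t_off < dir_end or off + t_off + t_len > len(buf):  # table must lie inside buf
            return None
        tables.append((tag.decode("ascii"), t_off, t_len))
        end = max(end, t_off + t_len)
    return {"offset": off, "length": end, "tables": tables}


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def carve_sfnt(buf):
    """Scan buf for sfnt headers; return one record per font that passes parse_sfnt."""
    found, pos = [], 0
    while True:
        hits = [i for i in (buf.find(m, pos) for m in SFNT_MAGICS) if i != -1]
        if not hits:
            break
        off = min(hits)
        info = parse_sfnt(buf, off)
        if info is None:          # e.g. the keyword "true" inside a PDF dictionary
            pos = off + 1
            continue
        blob = buf[off:off + info["length"]]
        info["sha256"] = sha256_hex(blob)
        info["filename"] = "font_%02d_sfnt_off%08x.bin" % (len(found), off)
        found.append(info)
        pos = off + info["length"]
    return found


# Constructed sample: a PDF fragment with a decoy 'true' keyword ahead of an
# uncompressed /FontFile2 stream holding a two-table sfnt (cmap + head).
FONT = build_sfnt([
    (b"cmap", bytes(8)),
    (b"head", b"\x00\x01\x00\x00" + bytes(8) + b"\x5f\x0f\x3c\xf5" + bytes(40)),
])
PREFIX = (b"%PDF-1.7\n"
          b"5 0 obj << /Type /FontDescriptor /FontName /Foo /Flags 4 "
          b"/FontFile2 6 0 R /Hidden true >> endobj\n"
          b"6 0 obj << /Length " + str(len(FONT)).encode() + b" >>\nstream\n")
SAMPLE = PREFIX + FONT + b"\nendstream\nendobj\n"

if __name__ == "__main__":
    for rec in carve_sfnt(SAMPLE):
        print(rec["filename"], rec["sha256"], rec["length"], rec["tables"])
```

Embedded fonts in real PDFs are almost always FlateDecode streams, so the scan runs over the inflated stream contents; the offsets in the table above refer to wherever the analyzer's pipeline located the decoded sfnt data, and the SHA-256 is over the carved blob, which is what lets the hash be matched against other reports.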