MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains a large number of external links, flagged by the 'PDF_SEO_LINK_FARM' heuristic. The 'SE_DOWNLOAD_BUTTON' heuristic and the ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further suggest malicious intent, likely to trick users into downloading malicious content. The embedded URLs point to various PDF files hosted on different domains, indicating a distribution mechanism for phishing or malware.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000302b.bin 41126fc877dfc0631ed947ff9fe414ad98e4efb7f639cd3ef62831f95cf97c30 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x302B | 7260 bytes |