MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
The PDF file was flagged by multiple heuristics, including a critical finding for a link farm and a ClamAV detection for phishing. The ML classifier also strongly indicated maliciousness. The document body contains a reference to a brake caliper guide pin thread repair kit, which appears to be a lure. The primary attack pattern involves directing users to a large number of external PDF files hosted on various domains, likely for SEO manipulation or to distribute further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001807.bin f7992489b338eafd1ad1ecdd60153c50bd6ec818bd8bfc4f5e0127459ec0f6ed | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1807 | 8172 bytes |
| font_01_sfnt_off00005b92.bin 3974891db8a4ec8ec2d7bd6096109588069a4504a1a2c6a6a63e29e83c6c02e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B92 | 16232 bytes |