MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which strongly suggests a phishing or traffic-driving campaign. The ClamAV detection as Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports this. The ML classifier also flagged the document with high confidence. The primary attack pattern involves directing users to a network of external PDF links, likely to host malicious content or phishing pages.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000013da.bin b35585b4ccc760eb664bcdc5c6c26efae51bd18ba32575a17db8583200db557e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13DA | 8568 bytes |