MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ClamAV detection of Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports a malicious classification. The primary attack pattern involves directing users to a network of linked PDF documents, likely for phishing or to distribute malware.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00001848.bin | 6159f26c65b15252048d30a720525cb0987c057556136606229ca536eb4b5c57 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1848 | 8604 bytes |
| font_01_sfnt_off00005aa9.bin | afc341d065f2212550cbc9ed5592ad422bfb6486d9a3a317b7cd9dc368a9ce38 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5AA9 | 10612 bytes |
| font_02_sfnt_off0000719e.bin | 51409e6f82dc61baede4556d12cd13eb3ec66d000ad4ee2a3acd0b9526e4c3a4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x719E | 4324 bytes |