MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. The PDF_SEO_LINK_FARM heuristic indicates the presence of a large number of external PDF links, with the first identified URL being http://securityprojects.be/uploads/1/3/0/5/130543648/fijibasonupodawoju.pdf. This suggests a phishing or redirection campaign where the document serves as a lure to a network of malicious sites. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://securityprojects.be/uploads/1/3/0/5/130543648/fijibasonupodawoju.pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000175f.bin (5e598aaf501f726854f1c3683385e2a7749a8a8e2d9547bf246425ec86ebeeac) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x175F | 8028 bytes |
| font_01_sfnt_off00006730.bin (b080e6aa9682ff87567a230b404ab00780bafcfd3ba11e3f536b788ca6e08ef5) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6730 | 16060 bytes |
| font_02_sfnt_off00007b70.bin (171f8a79f44c817cfb5de1f8154ee08a86d70c6dbb15210f7216abbc77b54c6b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B70 | 2732 bytes |