MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ClamAV detection and ML classifier also indicate maliciousness. The primary purpose appears to be directing users to a vast array of other PDF documents hosted on numerous domains, suggesting a link farm or distribution network for potentially malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000181a.bin 814bdf96e65541d3e3f4e777a7d87116d4ce38785a0c3803f52dfb537ebb2461 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x181A | 10976 bytes |