MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF file was flagged by multiple heuristics, including a critical PDF_SEO_LINK_FARM rule and an ML classifier, indicating malicious intent. The embedded content, though heavily obfuscated, contains numerous links to external PDF files hosted on various domains. This suggests a link farm or redirection mechanism designed to lead users to malicious content, likely phishing pages or malware downloads. The ClamAV detection of 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or traffic redirection role.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000031d5.bin 8eb7989097a949e94e07c68a03e0e9ddef233529db740344479c0002dfc82da1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31D5 | 8876 bytes |