MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links to other PDF files hosted on various domains. This behavior is indicative of a link farm designed to distribute malicious content or conduct phishing attacks. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports the phishing and traffic redirection nature of this file. No scripts were extracted from this sample.
Heuristics 3
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000036dd.bin a9b37827151ea826d1139984ba4d1ed9b0be41b92c13c64ea7f4b9ab3875fd89 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x36DD | 7436 bytes |