MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics: 3
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts: 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000038ea.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x38EA | 16780 bytes | 360a3aa3838e657cc6094e0e2c3f7c0ba365610dac03d55ff0e7434e20c8cc3c |
| font_01_sfnt_off00005359.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5359 | 8600 bytes | e9f083003fcb0563b7b4995bb48f43b92d982b73c37c4d98c7e1922e084bca19 |
| font_02_sfnt_off00007068.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7068 | 2484 bytes | 0a74f62927e6506cf556ce04093ddaf717254a888a2313c4e0126ed6d6ed1ae5 |