Malware Insights
The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV also flagged this file as malicious, with ClamAV identifying it as Pdf.Phishing.TtraffRobotInstall-7605656-0. The document body, though truncated, suggests a lure related to improving English speaking skills, which is likely a pretext to direct users to the malicious link farm. The primary function appears to be distributing traffic to a network of sites, possibly for SEO manipulation or to serve further malicious payloads.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000057bf.bin (5bf394e586e141148d21db3239e74e81d89dc15181fb894d871df2109e9b9d08) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57BF | 8472 bytes |