MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ClamAV detection of Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports a phishing or malicious redirection intent. The document body is heavily obfuscated and unreadable, but the presence of numerous links to other PDF files suggests a link farm or redirection mechanism designed to lead users to malicious content.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003dc5.bin `4d9ec2aec8f1ca6bebe1b56492fd55a77bba3a6e98efb76508c1b835d4eb9912` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3DC5 | 2860 bytes |
| font_01_sfnt_off00004a82.bin `a14dcbcc5073bdaafde6e560178ea4ca6822234bb810a3b91bf199b6ad94812f` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A82 | 8212 bytes |