MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The file is a PDF document that contains multiple embedded URLs, suggesting a phishing or social engineering attempt to trick the user into downloading further malicious content. The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly indicates a phishing campaign. The embedded URLs are the primary indicators of compromise, likely leading to further stages of the attack.
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://dianataylortarot.com/uploads/1/3/0/5/130589050/7471186.pdf
- http://coldstreamsweetsandtreats.com/uploads/1/3/0/5/130540186/videjajumasopil-razimef-dolitogofinisex-guwawemaxoro.pdf
- http://becomeaconqueror.com/uploads/1/3/0/6/130639410/vetejitiv.pdf
- http://danielamansfield.com/uploads/1/3/0/6/130620937/4903872.pdf
- http://askwiseguys.com/uploads/1/3/0/6/130639093/xuwafot.pdf
- http://theelfbox.com/uploads/1/3/0/6/130639802/130639802.html#elements+of+auriculotherapy+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000111a.bind295a969b69f222ac3f28f70ac77dc5e8d952484472cd2dc27ebe6872a425101 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x111A | 9520 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.