Verdict: MALICIOUS
Risk score: 150
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.001 PowerShell
The PDF carries 25 external links, flagged by the PDF_SEO_LINK_FARM heuristic, to 25 distinct hosts that all share the same /uploads/1/3/0/<n>/<id>/ path pattern; this points to a generated link-farm or phishing campaign rather than genuine document citations. The Nyx classifier score and the ClamAV signature Pdf.Phishing.TtraffRobotInstall-7605656-0 both indicate malicious intent. No scripts were extracted from the file, so nothing carved here substantiates the T1059.001 (PowerShell) mapping on its own; the embedded URLs are the primary indicators of compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (3)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0. ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs (25):
- http://edibledallasfortworth.com/uploads/1/3/0/5/130539053/634e9.pdf
- http://thearchitecturalgardendigest.com/uploads/1/3/0/5/130550832/31deee01dea25.pdf
- http://bataoverseas.com/uploads/1/3/0/4/130483487/7395512.pdf
- http://www.waterproofstructures.co.nz/uploads/1/3/0/7/130775584/kufozagut.pdf
- http://sphsbasketball.com/uploads/1/3/0/4/130436306/pitejepo_pajegenufa.pdf
- http://dianapoems.com/uploads/1/3/0/6/130621057/55d5384a93cb.pdf
- http://myguillermofloresuagro.net/uploads/1/3/0/3/130323957/gibazonuz.pdf
- http://mpbmobilenotary.com/uploads/1/3/0/6/130605076/revijofebe.pdf
- http://tewksburyhistoricalsociety.site/uploads/1/3/0/2/130289270/2172535.pdf
- http://tressesaunaturale.com/uploads/1/3/0/4/130483043/bbb49.pdf
- http://22-lax.com/uploads/1/3/0/6/130604871/65cbb.pdf
- http://thegeeksdomain.com/uploads/1/3/0/7/130739349/megekotaj.pdf
- http://bcdcosmetics.com/uploads/1/3/0/3/130379317/kedozuwajuro.pdf
- http://hostmaster.myleftylandies.com/uploads/1/3/0/6/130621019/ac42bce406e9.pdf
- http://mydrwalker.com/uploads/1/3/0/2/130272579/midilekobulok_pasalerumijumux_tomimaki.pdf
- http://celebrationperformers.com/uploads/1/3/0/5/130540176/3168825.pdf
- http://nancytoofani.com/uploads/1/3/0/7/130775759/wofoku.pdf
- http://antifeverformula.com/uploads/1/3/0/5/130541346/a10e0684939f967.pdf
- http://naualli.net/uploads/1/3/0/4/130488429/39d0f16c52.pdf
- http://brewandplowfarm.com/uploads/1/3/0/6/130621461/4372128.pdf
- http://www.pretendproduction.com/uploads/1/3/0/8/130813509/d9dfdd6371a0e6d.pdf
- http://labellewinery.net/uploads/1/3/0/7/130739895/sigelesu.pdf
- http://okashi.be/uploads/1/3/0/7/130738528/pupipagili-nixugu.pdf
- http://dcepool.com/uploads/1/3/0/6/130621098/dcd1c87da.pdf
- http://cvayn.bpmtc.com/uploads/1/3/0/4/130483811/130483811.html#fourier+transform+of+shifted+rect+function
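The link-farm heuristic above is easy to reproduce and to tune against your own corpus. The following is an added example, not the analyser's own implementation: it scans a PDF's raw bytes for /URI link-annotation targets, then fires when a small file carries many external links that collapse onto one host or, generalising the heuristic to the pattern seen in this sample, onto one path template (every URL listed above reduces to /uploads/<n>/<n>/<n>/<n>/<n>/<file>). The thresholds, the helper names and the constructed test PDF are assumptions; a handful of the URLs from the list above are reused as input for the template clustering.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# /URI ( ... ) literal strings inside link-annotation actions. A raw-byte scan only
# sees annotations stored uncompressed; inflate FlateDecode object streams first
# (pypdf/pikepdf) on real samples. Octal escapes (\101) are not decoded here.
URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_link_uris(pdf_bytes: bytes) -> list[str]:
    """Return the /URI targets of link annotations found by a raw-byte scan."""
    uris = []
    for m in URI_LITERAL_RE.finditer(pdf_bytes):
        unescaped = re.sub(rb"\\(.)", rb"\1", m.group(1))  # \( \) \\ -> ( ) \
        uris.append(unescaped.decode("latin-1"))
    return uris


def path_template(url: str) -> str:
    """Directory part of the URL path with digit runs generalised, e.g.
    /uploads/1/3/0/5/130539053/634e9.pdf -> /uploads/<n>/<n>/<n>/<n>/<n>/<file>."""
    directory, _, _ = urlsplit(url).path.rpartition("/")
    return re.sub(r"\d+", "<n>", directory) + "/<file>"


def cluster_templates(urls) -> Counter:
    """Count URLs per path template; one tall bar is the generated-carrier signature."""
    return Counter(path_template(u) for u in urls)


def seo_link_farm_verdict(pdf_bytes: bytes, *, max_size=64 * 1024, min_links=8, share=0.5) -> dict:
    """Assumed thresholds (not the analyser's): fire when a PDF of at most max_size
    bytes carries at least min_links external links and a single host OR a single
    path template accounts for at least `share` of them."""
    uris = extract_link_uris(pdf_bytes)
    external = [u for u in uris if urlsplit(u).scheme in ("http", "https")]
    if not external:
        return {"fires": False, "external_links": 0}
    hosts = Counter(urlsplit(u).hostname or "" for u in external)
    templates = cluster_templates(external)
    top_host, host_n = hosts.most_common(1)[0]
    top_tpl, tpl_n = templates.most_common(1)[0]
    pdf_targets = sum(urlsplit(u).path.lower().endswith(".pdf") for u in external)
    clustered = max(host_n, tpl_n) / len(external) >= share
    fires = len(pdf_bytes) <= max_size and len(external) >= min_links and clustered
    return {
        "fires": fires,
        "size": len(pdf_bytes),
        "external_links": len(external),
        "pdf_targets": pdf_targets,
        "top_host": (top_host, host_n),
        "top_template": (top_tpl, tpl_n),
    }


def build_link_pdf(targets) -> bytes:
    """Constructed test carrier: one page whose only content is /Link annotations.
    It has no xref table, so it suffices for a byte scan but not for a strict reader."""
    annots = " ".join(f"{4 + i} 0 R" for i in range(len(targets)))
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            f"<< /Type /Page /Parent 2 0 R /Annots [{annots}] >>".encode()]
    objs += [f"<< /Type /Annot /Subtype /Link /A << /S /URI /URI ({t}) >> >>".encode()
             for t in targets]
    out = b"%PDF-1.4\n"
    for n, body in enumerate(objs, 1):
        out += f"{n} 0 obj\n".encode() + body + b"\nendobj\n"
    return out + b"trailer << /Root 1 0 R >>\n%%EOF\n"


# Constructed targets: eight distinct hosts sharing one generated path template,
# plus one ordinary link, mimicking the shape of the URL list in this report.
CONSTRUCTED_TARGETS = [
    f"http://site{i}.example/uploads/1/3/0/{i}/13050000{i}/doc{i}.pdf" for i in range(1, 9)
] + ["https://benign.example/about"]

# A subset of the URLs extracted from the sample, to show they collapse to one template.
PAGE_URL_SUBSET = [
    "http://edibledallasfortworth.com/uploads/1/3/0/5/130539053/634e9.pdf",
    "http://thearchitecturalgardendigest.com/uploads/1/3/0/5/130550832/31deee01dea25.pdf",
    "http://bataoverseas.com/uploads/1/3/0/4/130483487/7395512.pdf",
    "http://www.waterproofstructures.co.nz/uploads/1/3/0/7/130775584/kufozagut.pdf",
    "http://cvayn.bpmtc.com/uploads/1/3/0/4/130483811/130483811.html#fourier+transform+of+shifted+rect+function",
]

if __name__ == "__main__":
    print(seo_link_farm_verdict(build_link_pdf(CONSTRUCTED_TARGETS)))
    print(cluster_templates(PAGE_URL_SUBSET).most_common(1))
```

Host clustering alone would miss this sample, since each of its 25 links sits on a different host; the template count catches it because the generated directory structure is identical everywhere. Treat the thresholds as starting points and calibrate them on known-good documents with many citations before deploying.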
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00003564.bin | 7db17ba1c98bbc12cb1c0d7f19bb901ba5ca3ef35ea4df2b18c3f3774bc6978f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3564 | 2692 bytes |
| font_01_sfnt_off00003e70.bin | c8cb7729cf819cb033fc650cb5e0ab1d6fd0ca72c095cb08f81fec04b4a58d05 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E70 | 16208 bytes |
| font_02_sfnt_off000056c7.bin | 8b0c58affdbcd39486c26dbd995bf2405f4a62f868f0c27423eb26d26911e4c3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x56C7 | 8888 bytes |
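The three carved streams are labelled sfnt fonts, and an embedded font stream is a convenient place to hide a second-stage payload, so it is worth confirming that each blob really carries a sane sfnt table directory and that the directory accounts for its bytes. The following is an added example, not part of the analyser: it parses the sfnt header and table records, verifies the per-table checksums that the format defines (skipping head, whose checksum covers a checkSumAdjustment field), flags records that run past the end of the blob or bytes that no table covers, and returns the SHA-256 so the result can be matched against the hashes in the table above. The builder and its tiny two-table font are constructed test data, not any of the carved files.

```python
import hashlib
import struct

SFNT_VERSIONS = {
    b"\x00\x01\x00\x00": "TrueType",
    b"OTTO": "OpenType/CFF",
    b"true": "TrueType (Apple)",
    b"ttcf": "TrueType collection",
}


def table_checksum(data: bytes) -> int:
    """sfnt table checksum: sum of big-endian uint32 words, zero-padded to 4 bytes."""
    data += b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(data) // 4}I", data)) & 0xFFFFFFFF


def parse_sfnt(blob: bytes) -> dict:
    """Parse header + table directory; report structural problems rather than raising."""
    sha256 = hashlib.sha256(blob).hexdigest()
    kind = SFNT_VERSIONS.get(blob[:4]) if len(blob) >= 12 else None
    if kind is None:
        return {"kind": None, "tables": [], "sha256": sha256, "problems": ["no sfnt header"]}
    num_tables = struct.unpack(">H", blob[4:6])[0]
    directory_end = 12 + 16 * num_tables
    if directory_end > len(blob):
        return {"kind": kind, "tables": [], "sha256": sha256,
                "problems": [f"table directory ({num_tables} records) exceeds blob"]}
    tables, problems, covered_end = [], [], directory_end
    for i in range(num_tables):
        rec = blob[12 + 16 * i: 28 + 16 * i]
        tag, checksum, offset, length = struct.unpack(">4sIII", rec)
        name = tag.decode("latin-1")
        tables.append((name, offset, length))
        if offset + length > len(blob):
            problems.append(f"{name}: record runs past end of blob")
            continue
        if tag != b"head" and table_checksum(blob[offset:offset + length]) != checksum:
            problems.append(f"{name}: checksum mismatch")
        covered_end = max(covered_end, offset + length)
    slack = len(blob) - covered_end
    if slack > 3:  # up to 3 bytes of 4-byte alignment padding is normal
        problems.append(f"{slack} trailing bytes not covered by any table")
    return {"kind": kind, "tables": tables, "sha256": sha256, "problems": problems}


def build_sfnt(tables: dict, slack: bytes = b"") -> bytes:
    """Constructed TrueType-flavoured sfnt: header, directory, 4-byte-aligned table data.
    searchRange/entrySelector/rangeShift are zeroed for brevity; `slack` appends
    bytes that no table claims, modelling a payload stuffed after the font."""
    n = len(tables)
    header = b"\x00\x01\x00\x00" + struct.pack(">HHHH", n, 0, 0, 0)
    offset = 12 + 16 * n
    directory, body = b"", b""
    for tag, data in tables.items():
        padded = data + b"\0" * (-len(data) % 4)
        directory += struct.pack(">4sIII", tag, table_checksum(data), offset, len(data))
        body += padded
        offset += len(padded)
    return header + directory + body + slack


# Constructed two-table font; 54 bytes is the size of a real head table.
CLEAN_FONT = {b"head": b"\x00\x01\x00\x00" + bytes(50), b"cmap": bytes(10)}

if __name__ == "__main__":
    print(parse_sfnt(build_sfnt(CLEAN_FONT)))
    print(parse_sfnt(build_sfnt(CLEAN_FONT, slack=b"X" * 64))["problems"])
```

Run parse_sfnt over each carved .bin and compare the returned sha256 with the table above; a clean font yields an empty problems list, while a stuffed stream shows up as uncovered trailing bytes, out-of-range records or checksum mismatches. Table-level validation (glyph programs, cmap subtables) is out of scope here; an sfnt that passes this check can still carry a parser exploit, so it rules out crude stuffing only.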