MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded URLs pointing to other PDF files hosted on various domains. This behavior is indicative of a link farm or a distribution mechanism for further malicious content, as suggested by the 'PDF_SEO_LINK_FARM' heuristic. The ClamAV detection further supports its malicious classification. No scripts were extracted from this sample, and the document body text is largely unreadable, making it difficult to determine a more specific attack pattern beyond link distribution.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000174d.bin 373baa02a29f53dd6be4ea819825aae62504610becf0582826f1828b40e9f93a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x174D | 8888 bytes |
| font_01_sfnt_off0000bdaa.bin 171f8a79f44c817cfb5de1f8154ee08a86d70c6dbb15210f7216abbc77b54c6b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBDAA | 2732 bytes |
| font_02_sfnt_off0000c6b0.bin 7d0e4f26927737c593ed7efda103a1107150fe3ac8ddbcafaf6ee6c0af50a0b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC6B0 | 1588 bytes |