MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or redirect users to potentially malicious websites. The ClamAV detection as Pdf.Phishing.TtraffRobotInstall-7605656-0 further supports a phishing or traffic-generation intent. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000028d7.bin da481ad9dd0f8b754fe22b61682e3257ecaa75beaeae6ecb2f81576a614c4782 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x28D7 | 8932 bytes |
| font_01_sfnt_off0000c6e5.bin 9a24ab500f9baae0c94c7aefd58bc2bf408779d0f7315c51a0a00e12083c02ce | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC6E5 | 2604 bytes |