MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged by multiple heuristics, including ClamAV and an ML classifier, for malicious behavior. The critical PDF_SEO_LINK_FARM heuristic indicates the presence of a large number of external PDF links, with the first identified URL being http://www.weeblyreviews.com/uploads/1/3/0/7/130739081/d823eecfa58.pdf. This suggests the document's primary purpose is to redirect users to a vast network of other PDFs, likely for SEO spam or to distribute further malware. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- http://www.weeblyreviews.com/uploads/1/3/0/7/130739081/d823eecfa58.pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003940.bin (dc8198aaee34fda1932bb7027591a126d5091b1f93ed218b34a8d56ec674767c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3940 | 8100 bytes |