MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or traffic redirection intent. The document body itself contains irrelevant text and embedded URLs, reinforcing the malicious nature of the file.
Heuristics 3
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001555.bin e6ba34868c51144e73396481034b47085d0fbbcc228c8f6902d808294a70e889 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1555 | 8716 bytes |
| font_01_sfnt_off0000aef5.bin e636a9cba05bf8acfc6c4afc0f9b74415cc44de847636403369bdf37cc499be6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAEF5 | 18456 bytes |
| font_02_sfnt_off0000ca9c.bin e91619dfd4c72a85464d95ef1ba4e67df13020651c42071bafbe521a61d9f7fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCA9C | 2652 bytes |
| font_03_sfnt_off0000d34e.bin 5eb760cc4a55482ec83ade6b129bfc55c419dc8033dded0793b0d14099a41668 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD34E | 1652 bytes |