MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1105 Ingress Tool Transfer
The PDF file contains a large number of embedded URLs pointing to external PDF files hosted on Weebly. This pattern is indicative of SEO spam or a phishing campaign designed to redirect users to malicious content. The ClamAV detection and ML classifier further support its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001751.bin 5ff87f2c048a797b0214fd9276efe43115bc8cad6c45ab2d01e3cf7349bcb8c2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1751 | 7836 bytes |
| font_01_sfnt_off0000692c.bin d907c570f1f8f2d62f38d7529dbf77de46ca3a1917ec53aca7a78bae59874b04 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x692C | 2616 bytes |