MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF files hosted on various domains, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or SEO manipulation tactic. The ClamAV detection of 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports malicious intent, likely related to phishing or traffic redirection. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000261a.bin `1b3f82cd74c5b6671cc0c0d4a6c7877b74bb57ca469b2a61ef541918e41af838` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x261A | 2652 bytes |
| font_01_sfnt_off00002ee9.bin `4d884775183a85c26aba9b3dd673642af9f7218e76b13c59122748a05634ae84` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2EE9 | 16068 bytes |
| font_02_sfnt_off00004693.bin `409b0f03d3c8c7efb8d60a51f30ea706b6dab1556e0d74612551b168cde5519a` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4693 | 8424 bytes |