MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the presence of multiple embedded URLs strongly indicate a phishing attempt. The document body, though containing garbled text, also includes one of the malicious URLs, reinforcing the lure. The primary attack pattern involves directing the user to download a further malicious PDF.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://craftandcorkkitchen.com/uploads/1/3/0/5/130588714/4598199.pdf
- http://theanxietyproject.org/uploads/1/3/0/5/130539297/wukodud.pdf
- http://kelseyelizabethphoto.com/uploads/1/3/0/5/130588494/simigadesotafidofa.pdf
- http://mrssheltonsclassroomeghs.com/uploads/1/3/0/6/130621312/3359983.pdf
- http://mycryosculpt.com/uploads/1/3/0/6/130639313/tesedoxobo.pdf
- http://antiviruseprotectserviceonline.site/uploads/1/3/0/2/130272928/130272928.html#mixed+aldol+condensation+enolate
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000010e2.bin680be0b8d51940d77ca07df1e8f11e3f95202448faba008c186ae456554dd4cb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10E2 | 9180 bytes |
font_01_sfnt_off00006edb.binbfa6bc885d477a7ce14e0d20dbf16e2f7702ec68079bc150954b727a1faf25b6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6EDB | 3380 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.