Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, identified as a link farm, with the primary URL being http://nkaskephotography.com/uploads/1/3/0/6/130621161/dewovezifakuke_gorawe_lesuxigimedo.pdf. The heuristic 'SE_INVOICE_LURE' indicates that the document's content is designed to resemble an invoice or payment request, further supporting the malicious intent. ClamAV detection confirms this as Pdf.Phishing.TtraffRobotInstall-7605656-0. The embedded links likely lead to malicious content or further stages of an attack.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Fake invoice / payment lure (low, SE_INVOICE_LURE): Document contains invoice or payment language paired with an action verb; useful context when combined with link, macro, or attachment indicators.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://nkaskephotography.com/uploads/1/3/0/6/130621161/dewovezifakuke_gorawe_lesuxigimedo.pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000043b2.bin 3edddd674c241e04e6c3d7df65778d9a78768584e3c53bdf48c3e668557d70f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x43B2 | 8824 bytes |