MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of external links to other PDF files, a technique often used for SEO manipulation or to distribute malicious content. ClamAV detected this file as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', indicating a phishing or traffic redirection intent. The presence of a 'download button' heuristic further supports the lure-based attack pattern.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001ebd.bin 5c777597aca79699a29c59dfecc7e76a43acf7dad7017aa3979be111c741c5ba | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1EBD | 7372 bytes |