MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The file is a PDF document that contains multiple embedded URLs pointing to other PDF files. The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing or malicious intent. The document body, though heavily obfuscated, contains text related to PDF merging tools, which serves as a lure. The primary attack pattern involves tricking the user into downloading and opening a malicious PDF via these embedded links.
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://asphaltisland.com/uploads/1/3/0/6/130621422/f20dfe32.pdf
- http://pressburg-partners.com/uploads/1/3/0/2/130272629/4c7e1ced3e81.pdf
- http://cookstown.ca/uploads/1/3/0/7/130739777/6238643.pdf
- http://staclaritasc.com/uploads/1/3/0/5/130551464/c03919.pdf
- http://noxita.100kakrd.ru/uploads/2020/01/29/nezojemipa.pdf
- http://chewoncakes.com/uploads/1/3/0/7/130739656/130739656.html#programa+para+juntar+pdf+free
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000010b3.bind3f88ae7e888ad87a992a7794c92f89056a0fcede5583af80c91237ac182cd21 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B3 | 10120 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.