Malware Insights
The PDF document contains a large number of external links, many of which point to other PDF files, suggesting a link farm for SEO or traffic redirection. The heuristic 'SE_BROWSER_INSTALL_LURE' indicates the document's content is designed to trick the user into installing a browser extension or update. This is further supported by the ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0', which points to a phishing and traffic redirection scheme. The primary intent appears to be social engineering users into installing potentially malicious software or visiting malicious sites.
Heuristics 4
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Browser extension / update installation lure [high] SE_BROWSER_INSTALL_LURE: Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001660.bin 77793c80d9a10f4b7a6673219a3fb4914e8a64e66b5d2516513cc8f1b95390ac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1660 | 8284 bytes |
| font_01_sfnt_off000064e8.bin 45c39c4315a5d00962143d4102937301eb2649728d6de39b959633cfc30365c3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64E8 | 16144 bytes |