Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links, identified as a link farm, with the primary URL being http://setsdrama.org/uploads/1/3/0/4/130489604/9776589.pdf. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the 'PDF_SEO_LINK_FARM' heuristic strongly indicate a phishing or traffic-driving campaign. The presence of a 'SE_DOWNLOAD_BUTTON' heuristic further supports the lure mechanism.
Heuristics (4)
- Small PDF contains mass external PDF link farm (severity: critical, id: PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, id: CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Visual download / call-to-action button lure (severity: low, id: SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (severity: info, id: EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Primary URL: http://setsdrama.org/uploads/1/3/0/4/130489604/9776589.pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000019a1.bin (SHA-256 8f7a58e928b4ddebf9263b766fae3756ae7dee7d1dba52a5cd7109d1ab46eec5) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19A1 | 7920 bytes |
| font_01_sfnt_off00006e37.bin (SHA-256 5d7ebd720715cd86529581f1d40cc643f68465477bd430d4be5ff736bc95f798) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E37 | 16268 bytes |