MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, suggesting a coordinated effort to distribute content or manipulate search engine results. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a malicious intent, likely related to phishing or traffic redirection. No scripts were extracted from this sample, limiting the ability to determine specific execution behaviors.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004087.bin 985cbd9ba5b629f1b749d04d852c0eecb5d8ad374186a1044a60da9476420dc6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4087 | 2788 bytes |
| font_01_sfnt_off00004a22.bin fa26393da2a16830c5a701842e70075f5d083ef5072ca4d68efab4335373c93c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A22 | 16944 bytes |
| font_02_sfnt_off00006569.bin b52ddd67c197a9ffa3d1cf5924c1f1aeed160b92d96b1eec153618522fa5279b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6569 | 9420 bytes |