MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links to external PDF files hosted on various domains, indicating a link farm or SEO manipulation tactic. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier output strongly suggest malicious intent. The primary goal appears to be directing users to a network of sites, likely to distribute further malware or engage in phishing activities.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003dcc.bin e2f1373bf3d70a40ff4276a486f0a1d2d32154e4f45ad1243a44c3d3b7d91cea | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3DCC | 2652 bytes |
| font_01_sfnt_off0000465f.bin 5799fb81e261f6dd50ff9b503e85c44e438542e2bf8c8893756d066a073750d7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x465F | 6496 bytes |
| font_02_sfnt_off00005979.bin 3e70014c161f47761345b67bdf8199777dd13915134eebca1336917040a0da1c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5979 | 8448 bytes |