MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which strongly suggests a link farm or distribution mechanism. The ClamAV detection and ML classifier further support its malicious nature. The primary function appears to be directing users to a multitude of other PDF files hosted across various domains.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001cee.bin a0571ed4e1d979378b35d6ad5f9f9a238cf604eeacda920925c7d0849b8a448c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1CEE | 6716 bytes |