MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files. This indicates a likely attempt to distribute malicious content or conduct phishing through a link farm. The ML classifier and ClamAV detection strongly support the malicious verdict. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000019a0.bin 27585495dd50db85cc54c3afe9309f2e66c186209a7e278b12729b4ea7c6f1f6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19A0 | 9860 bytes |
| font_01_sfnt_off00007245.bin 9d36b2815cb67e6f65ee2b06e336b71ffe1355dec6626ce4666a016e66c102b1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7245 | 16560 bytes |
| font_02_sfnt_off00008875.bin c9f2766864d727e1393aa645f689f1e349cca9ca80d00af93de57b1bbf7dc8a8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8875 | 5532 bytes |