MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links to external PDF files hosted on various domains, indicating a link farm or phishing campaign. ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and ML classification further support its malicious nature. The document body's content is largely unreadable due to encoding issues, but the presence of 'Acuerdo de paris cambio climatico resumen' suggests a potential lure related to climate change agreements.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000034e8.bin f59b40eeac88851f71a56c44900a93700397f3ff6225dc3d9857979ea1511749 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x34E8 | 8404 bytes |