MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The file is a PDF document that contains multiple embedded URLs, all of which are flagged as unknown reputation. The ClamAV detection and ML classifier strongly indicate maliciousness, specifically identifying it as a phishing attempt. The document body, though heavily obfuscated, suggests a lure related to an 'application letter format for teaching job' to entice users to click on the malicious links.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://mich-interiordesignllc.com/uploads/1/3/0/6/130604948/7436074.pdf
- http://detourmovement.org/uploads/1/3/0/2/130272892/wujawiba.pdf
- http://rideamr.com/uploads/1/3/0/5/130551013/1226317.pdf
- http://no1pornreviews.com/uploads/1/3/0/6/130604067/wixunaposed-suwosuwawapoj-vasexigeg.pdf
- http://zomo.utlytesof.pro/uploads/2020/01/28/8902161.pdf
- http://davidmarquesibanez.com/uploads/1/3/0/2/130292143/130292143.html#application+letter+format+for+teaching+job
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000122e.bin1fe79d2b00f7524aabaa1afd31a836bf7bf71ff5b2edb8f2de9c50b20e5acfbd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x122E | 7624 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.