Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, suggesting a link farm or a distribution mechanism for malicious content. The ClamAV detection and ML classifier further support its malicious nature. The document body content appears to be corrupted or malformed, preventing a clear understanding of its immediate lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001c07.bin `40a403f8312ff9c93041e514e965a4d57d797ba541f1da729710ef172887bfc2` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C07 | 16060 bytes |
| font_01_sfnt_off00003049.bin `e2f1373bf3d70a40ff4276a486f0a1d2d32154e4f45ad1243a44c3d3b7d91cea` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3049 | 2652 bytes |
| font_02_sfnt_off00003bb3.bin `8c17cd6ad04a71db4fd54fea323fb48347e7906b1c19caf185d815e2231412b8` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3BB3 | 6800 bytes |