MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the presence of multiple embedded URLs strongly indicate a phishing attempt. The document body contains a mix of seemingly random characters and URLs, suggesting it is designed to trick users into clicking on malicious links that likely lead to further infection. The primary attack vector appears to be the embedded URLs pointing to external PDF files.
Heuristics 3
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URLs:
  - http://studiosix.biz/uploads/1/3/0/6/130621730/zuxijiromiminifefod.pdf
  - http://motionalstudios.com/uploads/1/3/0/6/130639472/3028608.pdf
  - http://spiritualteapot.shop/uploads/1/3/0/2/130271184/7825497.pdf
  - http://smokethis.io/uploads/1/3/0/7/130775630/liwudipoxejatepuf.pdf
  - http://carmelorganizer.com/uploads/1/3/0/7/130739719/mapexajuzelow-pikugol.pdf
  - http://davidmarquesibanez.com/uploads/1/3/0/7/130739750/130739750.html#groin+muscle+wrap
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000109d.bin bdeb0e77db64ad4fbb6802b11aff6505f2ca47249695df494d6843e546b7ff7f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x109D | 8268 bytes |
| font_01_sfnt_off00006449.bin d12e1945699adc080c3e2f49a2c45ee9a70cbb178c18d882f92367fcd923f800 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6449 | 16396 bytes |