MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file was detected by ClamAV as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', indicating a phishing or traffic redirection campaign. The heuristic 'PDF_SEO_LINK_FARM' confirms the presence of numerous external links, with the first identified URL being http://desertcharmweddingcoordination.com/uploads/1/3/0/6/130639513/sutijosajugigoxiro.pdf. This suggests the document's primary purpose is to lure users to these external sites, likely for malicious purposes such as credential harvesting or further malware delivery.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://desertcharmweddingcoordination.com/uploads/1/3/0/6/130639513/sutijosajugigoxiro.pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003816.bin 854b63f54ad7f8e9f517ad31f8af8889cec5e52a5e034d3c3e1a8ac571cbd888 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3816 | 8108 bytes |