MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to distribute further malicious content. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing or traffic-driving intent. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate payload.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000017e5.bin 409bae5acac60158daf19773721a30754cc14a2e966fb5e4951388f8a90cb9fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17E5 | 8848 bytes |
| font_01_sfnt_off00006617.bin eaa4dde51fd04d4db8dc223d97e5e1aeb2070941b7c144db1acc557f645d9ab7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6617 | 4184 bytes |
| font_02_sfnt_off00007293.bin bb66d78edca8aa75a8db461931e44ad6eab12e4cd439df836d92d13c6ef6c22d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7293 | 2668 bytes |
| font_03_sfnt_off00007b71.bin 8dbfdde5ef43b766e97fcdfba89847285849b842e16f1af612afa385f9f93e25 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B71 | 16220 bytes |