MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of external links, as detected by the PDF_SEO_LINK_FARM heuristic, pointing to other PDF files on various domains. This is indicative of a link farm used to distribute malicious content or for SEO poisoning. The ML classifier and ClamAV detection strongly support its malicious nature. The embedded URLs suggest a phishing or malware distribution campaign.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003291.bin (d169014708e920e46009823e8e770dcbb4cbb0351f4b61cd14c6e5641a6640bd) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3291 | 8048 bytes |