MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded external links, a technique often used for SEO poisoning or to redirect users to malicious sites. The heuristic 'PDF_SEO_LINK_FARM' and the ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly indicate malicious intent. The document body contains a mix of seemingly unrelated text and the URLs, further supporting the idea that the document itself is a lure. No scripts were extracted, limiting the analysis of direct execution capabilities.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001b35.bin bc1fbbbb31ea89ba609a4e30837ad1e03dcb49017578a7eccdec1aa5cc02b686 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B35 | 6560 bytes |