MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded URLs, indicating it functions as a link farm. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the PDF_SEO_LINK_FARM heuristic strongly suggest a phishing or malware distribution campaign. The numerous external links likely lead to malicious content or further phishing attempts.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000019cb.bin cd82d0b00675f1b3ae87620ef2c07c8315f5534174f6506f2c290314d7fdbf3f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19CB | 8972 bytes |
| font_01_sfnt_off0000c34a.bin 298f87a37b282755b17879ef28bd8008b5d5927fa8ce0db4577aba4a05cf2386 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC34A | 16152 bytes |
| font_02_sfnt_off0000d80a.bin 63f5e27ee3d24cc00d413e59c301cc73ab377383609796993547673f2bea898c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD80A | 2600 bytes |