MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains numerous external links, with one pointing to 'trafftec.ru', suggesting a link farm or SEO spam tactic. ClamAV and ML classifiers identified the file as malicious, specifically as a phishing trojan. The presence of embedded URLs and the heuristic 'PDF_SEO_LINK_FARM' indicate an attempt to direct users to external, potentially malicious, websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.7686
Heuristics (4)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0. ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF_URI (info): External URI. PDF contains an external URL action.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://trafftec.ru/aws?utm_term=guide+to+arranging+music+pdf
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cbe7.bin c2fd7a562cbd65472c5948b2131c466b0138789a1fa59c4330b550318f809ed6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCBE7 | 5356 bytes |
| font_01_sfnt_off0000de08.bin 3dedf6379df86e2c2ddf95ab3dc5bdfa386140f0602db3d750a3694291412eac | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE08 | 9984 bytes |
| font_02_sfnt_off0000fffe.bin 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFFE | 4324 bytes |