MALICIOUS
Risk Score: 210
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains a direct link to an executable payload disguised as an answer to a question. The heuristic firings indicate this is a link farm designed to host numerous PDFs, likely for SEO poisoning or distributing malicious content. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports a phishing or malicious redirection intent. The primary attack pattern involves luring the user to click a link that leads to a malicious payload.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF link points directly to executable/archive payload (critical, PDF_DIRECT_PAYLOAD_LINK): PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000342d.bin ea923653b4711a71ea24c67dc33ec09a65f309c09dfcef7ccf8859deed1ae318 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x342D | 7364 bytes |