MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by ClamAV as 'Pdf.Phishing.TtraffRobotInstall-7605656-0'. Static analysis revealed a large number of embedded external links, consistent with a link farm designed to redirect users to malicious content. The document body contains garbled text and references to 'Google sheets shortcuts ipad', suggesting a lure to trick users into clicking the links. The primary attack pattern involves leveraging these links for phishing or malware distribution.
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://ntkdomains.com/uploads/1/3/0/5/130590356/330770d6c8e81.pdf
- http://cancercars.net/uploads/1/3/0/4/130475981/xebaxituposudatos.pdf
- http://newyearswim.co.uk/uploads/1/3/0/6/130640181/sutelal.pdf
- http://thehnossaproject.com/uploads/1/3/0/4/130476481/4046876.pdf
- https://zizatada.weebly.com/uploads/1/3/0/3/130323567/duvulimaf.pdf
- http://mikaren.com/uploads/1/3/0/4/130476485/465ac9b84661.pdf
- http://gotapu.your-website.name/uploads/2020/01/28/c650e41.pdf
- http://all-things-autism.com/uploads/1/3/0/5/130540645/4507021.pdf
- http://wiges.clotheslux.com/uploads/2020/01/27/1464532.pdf
- http://keyproserv.com/uploads/1/3/0/5/130588693/pelamegegigunakaditu.pdf
- http://diamondsuppliments.com/uploads/1/3/0/2/130270955/dikotu_xukovolit_jumapekadekeji_pamakoval.pdf
- http://unftelecom.org/uploads/1/3/0/5/130551457/komol_jemuvafuzuwu_zovoj.pdf
- http://nimblescooters.eu/uploads/1/3/0/2/130289352/2b515a9f0e.pdf
- http://canlisexhatti.online/uploads/2020/01/28/190254.pdf
- http://coolmanraulh.com/uploads/1/3/0/6/130604336/2698653.pdf
- http://maelabellydance.net/uploads/1/3/0/4/130491418/1454953.pdf
- http://chicagonightlifepass.com/uploads/1/3/0/5/130544067/dijemabobi_masojap_muwupozexivik.pdf
- http://sutusinternational.com/uploads/1/3/0/6/130639580/niruwamu_vekufu.pdf
- http://nelastyles.net/uploads/1/3/0/6/130604341/4fabab6e92e74.pdf
- http://michakisprint.weebly.com/uploads/1/3/0/6/130621426/2562951.pdf
- http://runstrong-ie.org/uploads/1/3/0/3/130313114/4843957.pdf
- http://newdirectionintlmin.com/uploads/1/3/0/4/130483477/b2fa2f5d8e7d3.pdf
- http://jaxope.tmass.online/uploads/2020/01/27/boturatil-xepusazomupadi-wutovatesugiwej-bilizepukob.pdf
- http://bainessphsdrama.com/uploads/1/3/0/2/130291712/menuxu.pdf
- http://jobe.audiostart10.icu/uploads/2020/01/27/bexulugonopaz.pdf
- http://pameladirnberger.com/uploads/1/3/0/5/130590561/130590561.html#google+sheets+shortcuts+ipad
- http://newdirectionintlmin.com/uploads/1/3/0/4/130483477
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00001802.bin099f4d33a0802125a090973bb666510750dac101fd027aa8d13e088cb2c3db75 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1802 | 9656 bytes |
font_01_sfnt_off000072e2.binca209b6a1ff066412a98757ca316645e775a0350e1c698c306e5c806a70fb65d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72E2 | 16392 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.