MALICIOUS
Risk Score: 168
Malware Insights
MITRE ATT&CK:
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a mass link farm pointing to numerous external PDF files, a common technique for SEO poisoning and distributing malicious content. The document body text, though partially corrupted, mentions 'PPF account application form download' and 'different banks', aligning with the 'SE_PAYMENT_REDIRECT_LURE' heuristic. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further confirms its malicious nature, likely related to phishing or traffic redirection.
Heuristics (5)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Payment redirection / bank-detail change lure (high, SE_PAYMENT_REDIRECT_LURE): Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000032f7.bin 83d89f79375f7f339e88070a8779324ce221c94923bff415e388e162fbc46cfe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32F7 | 2604 bytes |
| font_01_sfnt_off00003e85.bin 676d7dd50ece50f208bdac10a13d7c31f676f3f21e548f747fdb63aa191af379 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E85 | 7780 bytes |