MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The ClamAV detection, 'Pdf.Phishing.TtraffRobotInstall-7605656-0', and the ML classifier both strongly indicate malicious intent. The document body, though partially corrupted, mentions a cover letter for a nurse case manager job, suggesting a lure to entice users to click the links.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003371.bin f8d75dca8d58b0bbd7581d24325932d6c1b4ac0ac5dc788fd200b7cd99c99ff4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3371 | 7852 bytes |