MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9957
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://baarspo.ru/award?keyword=compact+key+for+schools+teacher+s+book+pdf (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e0c2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0C2 | 5356 bytes | 4f38a19460101c7136a9f4b6698312793a1a4a3cfd29a3ff090be80133eb5e63 |
| font_01_sfnt_off0000f303.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF303 | 14928 bytes | ddcf11ed7f201c33de46d3afe2833482bd4eb8795cc03824add77b104554f661 |
| font_02_sfnt_off00011c3c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C3C | 4324 bytes | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |