MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF contains a large number of external links, which matched the 'PDF_SEO_LINK_FARM' heuristic and suggests a malicious intent to redirect users. One of the primary external URIs points to 'https://botokaw.ru/strik?utm_term=how+to+make+your+own+advent+wreath', which is likely part of a phishing or scam campaign. The ML classifier also flagged the PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.7936
Heuristics 3
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF_URI (info): External URI. PDF contains an external URL action.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/strik?utm_term=how+to+make+your+own+advent+wreath
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ef72.bin 9e0ed7cfd026a4effe220f306c7d83ef29ed31fe757da0ff0a6686b672155ee8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF72 | 5132 bytes |