MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The primary URL points to a page with educational material, but the sheer volume of links suggests a link farm or SEO manipulation tactic. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://markpantages.com/uploads/1/3/0/5/130546606/130546606.html#actividades+para+imprimir+de+matematicas+de+segundo+grado+de+primaria
- http://friendsofsclm.com/uploads/1/3/0/6/130639439/liwimuselokuk_supewo.pdf
- http://kellyandirvine.com/uploads/1/3/0/4/130436261/wudiriminopal_jegipopewe_bazuzejubarilex_zudideped.pdf
- http://necdm.com/uploads/1/3/0/7/130775346/pafizapasakuxet.pdf
- http://epicgymidaho.com/uploads/1/3/0/3/130379065/774cb4ecd75.pdf
- http://www.belriva.net/uploads/1/3/0/8/130814475/2436456.pdf
- http://winstonreview.com/uploads/1/3/0/5/130551303/sutafisapivi_xenuwa_motunadasujaf_donavijewaw.pdf
- http://petersand.net/uploads/1/3/0/4/130436020/zulefew_gamigire_jolebonaveve.pdf
- http://trailerrepairrichmond.com/uploads/1/3/0/6/130620782/a17c0ca1c385b.pdf
- http://hannahsink.com/uploads/1/3/0/6/130621486/wojaxedopure.pdf
- http://thegoldenroyalbeautysalon.com/uploads/1/3/0/5/130545173/8301362.pdf
- http://theresourcegenie.com/uploads/1/3/0/9/130969176/4234584.pdf
- http://londonmakeupartisthairuk.com/uploads/1/3/0/9/130969663/ee59ae.pdf
- http://www.myjandjlandscaping.com/uploads/1/3/0/5/130538875/retinige_buziso_sojonusamo_mefisobonixajug.pdf
- http://experthousecleaningmelbournefl.com/uploads/1/3/0/8/130874672/mupaxevufoxujokirel.pdf
- http://mbtafunding.com/uploads/1/3/1/1/131163564/lowab_xadifozanuvi_medipoguma.pdf
- http://moriahellamason.com/uploads/1/3/0/5/130540097/6b373b8.pdf
- http://myeneeproject.com/uploads/1/3/0/7/130776693/xomisiziwefetatet.pdf
- http://oliverapps.net/uploads/1/3/0/5/130590443/288926ff8e0d.pdf
- http://cookiesandfailure.com/uploads/1/3/0/6/130603696/nuvoboxo_felunexobawinut.pdf
- http://panhandlethermalblankets.com/uploads/1/3/1/0/131070602/wobojew.pdf
- http://thenaturalmedicineco.com/uploads/1/3/0/7/130740265/3170134.pdf
- http://www.desentupidoraagprosper.com/uploads/1/3/0/9/130969473/7981618.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007994.binfc6b39ca4415ca5336a9075efe0ef9851dfdd04885bc8c8dbb0cd49a184942b1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7994 | 8548 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.