MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or SEO spam operation. The document body, though partially corrupted, includes references to 'Adobe premiere tutorial videos' and the wkhtmltopdf generator, indicating a lure to external content. The ML classifier strongly flagged this PDF as malicious. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00009faa.bin 00f47cc724209d80db7c3c2737daf157d2ccd56ac61c1a493e5a3e77a9404146 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9FAA | 7480 bytes |