MALICIOUS
Risk Score: 70
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The PDF document contains a mass of external links, many of which point to other PDF files hosted on various domains, suggesting a link farm or SEO poisoning tactic. The document body mentions 'jpg to pdf windows xp', indicating a lure to download or interact with content related to this topic. The presence of numerous external URLs, including one that appears to be an HTML file with a similar theme, strongly suggests a malicious workflow aimed at redirecting users to potentially harmful content or downloads.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000075dd.bin 88cd44469faffaf819e9133332e5b81d90ef93c4b562700631c8229a0db161bb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75DD | 9064 bytes |