MALICIOUS
Risk Score: 174
Machine Learning
- Nyx PDF Classifier clean score 0.0016
Heuristics 6
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Cracked-software lure uses download-gateway redirectors (high, PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM): PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://awarefinance.com/egzofitic/calle/citizenships&sanga/naga/bXJ6anczIHNldHVwMTUxZSBzb2Z0d2FyZSBkb3dubG9hZAbXJ/repined.ZG93bmxvYWR8cXExTVdweGRtZDhmREUyTmpJMk9EQXpPVEI4ZkRJMU9UQjhmQ2hOS1NCWGIzSmtjSEpsYzNNZ1cxaE5URkpRUXlCV01pQlFSRVpk (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000204c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x204C | 84508 bytes | 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c |
| font_01_sfnt_off0000a838.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA838 | 83036 bytes | 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261 |