MALICIOUS
112
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document is identified as a malicious image-only lure, typical of phishing campaigns. It contains numerous external links, with a primary link pointing to 'http://withlovehairco.com/uploads/1/3/1/0/131070096/131070096.html#kotlin+programming+the+big+nerd+ranch+guide+pdf'. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of generated links, suggesting an attempt to distribute malicious content or redirect users to various phishing sites. The ML classifier strongly supports the malicious verdict.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 30 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://withlovehairco.com/uploads/1/3/1/0/131070096/131070096.html#kotlin+programming+the+big+nerd+ranch+guide+pdf
- http://fortressinsurancegency.com/uploads/1/3/0/4/130483527/c27d8fa.pdf
- http://www.drinkingbuddiesla.com/uploads/1/3/0/5/130588803/vadiduda.pdf
- http://highdesertpackgoats.com/uploads/1/3/0/5/130590403/funimixivabelod.pdf
- http://bcdcosmetics.com/uploads/1/3/0/8/130815228/bobixojimefuvap.pdf
- http://cprcia.org/uploads/1/3/0/3/130379638/3cbba.pdf
- http://www.rmwcaf.org/uploads/1/3/0/9/130969148/geronizawiwe.pdf
- http://mx.makingestatement.com/uploads/1/3/0/4/130488414/15a82aece96ddf2.pdf
- http://foncbelago.com/uploads/1/3/0/9/130969150/tipot_vitewiwal_mixozonovir.pdf
- http://cbbankclassic.com/uploads/1/3/0/5/130589373/wiwazetemorav-rimaro.pdf
- http://michelehrose.com/uploads/1/3/0/6/130620959/0bd4c.pdf
- http://lgbaonline.org/uploads/1/3/0/4/130475973/melagebudupelakaja.pdf
- http://mx.mx.italyoptical.com/uploads/1/3/0/2/130273944/ketesurawuvifa_gosufef_giwudiza_kibevute.pdf
- http://aztecwhistles.com/uploads/1/3/0/8/130814676/d03ed1f566.pdf
- http://busybsartistry.com/uploads/1/3/0/3/130323406/xobizoli.pdf
- http://pattayapropertymanagement.com/uploads/1/3/0/5/130539818/72f0ca44be7010.pdf
- http://hostmaster.wheatleybirdsofprey.com/uploads/1/3/0/8/130814993/d980219b.pdf
- http://sharedpen.net/uploads/1/3/0/8/130814408/bazikogifovomelos.pdf
- http://www.isabeldinan.com/uploads/1/3/0/5/130550769/3ebf8.pdf
- http://craftingdelightshackblog.com/uploads/1/3/0/2/130288602/8d852db8.pdf
- http://gmuwellbeing.com/uploads/1/3/0/9/130969294/zawewuku_xipiku_rafod.pdf
- http://mx.mywcl.org/uploads/1/3/0/7/130739379/jajekanerufopubinure.pdf
- http://prouni2020.com/uploads/1/3/0/5/130588328/7469632.pdf
- http://fosterspragge.co.uk/uploads/1/3/0/9/130969644/3185234.pdf
- http://koozieorbust.com/uploads/1/3/0/5/130589342/numim.pdf
- http://deedlebugg.com/uploads/1/3/0/4/130488500/06e566a93c76.pdf
- http://koozieorbust.com/upl
Open this report in the interactive analyzer, or submit your own file for analysis.