MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.8702
Heuristics 3
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://druttle.ru/strik?utm_term=how+to+start+a+presentation+speech+in+office (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000122e4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x122E4 | 5124 bytes |

SHA-256: bb830d051ab17468759c68fd35dac5d9dd4d2e324489d8d13ea37de56da7fd13