MALICIOUS (Risk Score: 82)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The PDF document contains a mass of external links, many of which are SEO-optimized and point to other PDF files. The document body, though partially corrupted, suggests a lure related to 'Shark ion robot filter cleaning instructions'. The 'SE_CALLBACK_LURE' heuristic indicates the document is designed to prompt the user to call a phone number for fraudulent purposes, consistent with a tech-support scam or billing fraud. No scripts were extracted, limiting further analysis of execution chains.
Heuristics 4
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure [medium] SE_CALLBACK_LURE: Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00009957.bin 0b61007e04ac788ef2bdd04b88994db78a38bc2f0b0e117cc97ec96487ba5d30 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9957 | 7980 bytes |