MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links, many of which are numerically or generically named, suggesting a link farm or SEO poisoning tactic. The document body, though partially corrupted, contains a URL related to resetting luggage locks, which is likely a lure to encourage clicks. The ML classifier strongly flagged this PDF as malicious, and the presence of numerous external URIs further supports a malicious intent to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://longviewnetwork.com/uploads/1/3/0/9/130969148/130969148.html#how+to+reset+tsa+luggage+lock+american+tourister
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007bef.bin f22a9e3e2801119b57b58b7af033a32b1d9851f9ee139c16272b21f3a706308a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BEF | 7600 bytes |