MALICIOUS
Risk Score: 70
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF document contains numerous external links, many of which point to PDF files hosted on various domains, suggesting a link farm or redirection strategy. The document body text and embedded URLs explicitly mention downloading a printer driver, which is a common lure for users to click on malicious links. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of external links, reinforcing the malicious intent. No scripts were extracted from this sample.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- http://seastar.websalve.com/uploads/1/3/1/4/131453857/131453857.html#hp+psc+1210+all+in+one+printer+driver+download+for+win7
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006e2e.bin df30abcac4bb9b1d47a61c6074d849de3d0b86bbdcae290109a53e8cd7bfe44f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E2E | 7736 bytes |