MALICIOUS
Risk Score: 192
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- ClamAV: Pdf.Dropper.Agent-7954659-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7954659-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001698.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1698 | 7604 bytes |

SHA-256: 379d7cf146b00825dc27fdb60fb956080e259f65fe13ebc4e2a05f02057fef7f