MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF contains a large number of external links to other PDF files hosted on various domains. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier strongly flagged this PDF as malicious, supporting the assessment of a malicious intent. No scripts were extracted, limiting the ability to determine specific payload delivery or execution methods.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://fairytaletraders.com/uploads/1/3/0/6/130604026/130604026.html#derecho+romano+concepto+servidumbre
- http://therapiesbymark.com/uploads/1/3/0/7/130738911/4713088.pdf
- http://diorsbusiness.com/uploads/1/3/0/6/130620745/838124.pdf
- http://portal.erjurself.com/uploads/1/3/0/3/130379292/30829cdee8d6f1.pdf
- http://haoisinternational.com/uploads/1/3/0/3/130323175/9004863.pdf
- http://techlet.ca/uploads/1/3/0/3/130323156/cb9b24564.pdf
- http://www.gaiacandles.com/uploads/1/3/0/7/130738646/18257be6edf455e.pdf
- http://www.where-is-melanie.com/uploads/1/3/0/6/130639123/lukumewabi.pdf
- http://www.theviralistpath.com/uploads/1/3/0/7/130776449/pataxotaduko-vubop-zutusaz-ziparisa.pdf
- http://solit.studio/uploads/1/3/0/2/130271145/2213732.pdf
- http://juliefhermedinagalban.com/uploads/1/3/0/2/130287462/8240f6ee8.pdf
- http://www.womersleyenvironmentalservices.com/uploads/1/3/0/4/130435826/sogesewet.pdf
- http://heloisecrista.com/uploads/1/3/0/3/130323493/govofezagiv.pdf
- http://mywaybrands.com/uploads/1/3/0/5/130590457/posalefe.pdf
- http://projectlifestudios.com/uploads/1/3/0/6/130639635/d493ca9e7d0e2.pdf
- http://webmail.trainingsolutionsinternational.com/uploads/1/3/0/7/130739975/tosiva.pdf
- http://easyenergetics.net/uploads/1/3/0/6/130640097/mokulivawow.pdf
- http://getitgatorauto.com/uploads/1/3/0/3/130379248/44c7b.pdf
- http://mail.villagegreenla.net/uploads/1/3/0/4/130489090/damunopupud.pdf
- http://nexuspos.net/uploads/1/3/0/4/130476830/fabawedaxawigipute.pdf
- http://metersnelectronics.com/uploads/1/3/0/6/130604088/542765.pdf
- http://maturefaps.com/uploads/1/3/0/6/130621324/kujagagux.pdf
- http://bambringo.com/uploads/1/3/0/2/130289304/nasilogimamiwunaxemi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000082b1.binaba2edc4b39274421a7d45ff5559b2cfc5c38b096c6b88613729b555054eed8d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82B1 | 8424 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.