MALICIOUS
Risk Score: 90
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While the URLs themselves are marked as benign, their sheer volume and structure suggest malicious intent, likely to manipulate search engine results or serve as a lure for further malicious activity. No scripts were extracted, and the document body was heavily corrupted, limiting further analysis.
Machine Learning
- Nyx PDF Classifier malicious score 0.9798
Heuristics (2)
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL info EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.