Malware Insights
The PDF document contains a large number of external links, many of which are SEO-optimized and point to other PDF files, indicating a link farm designed to attract traffic. The document body text and embedded URLs suggest a lure related to software downloads, specifically 'Tamil english bible software free download for windows 10'. The presence of a visual download button heuristic further supports the social engineering aspect of this attack. The primary goal appears to be directing users to malicious or compromised websites through these links.
Heuristics 4
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI (severity: info, rule: PDF_URI): PDF contains an external URL action.
- Embedded URL (severity: info, rule: EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006827.bin a6fdb5df08fe3ff39d59497efbe6a0bd96367ee9ec0fc58adaf3a9e5dd231d25 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6827 | 7608 bytes |