MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. One of these links, http://74-123-76-48.mgwnet.com/uploads/1/3/0/7/130775106/130775106.html#natural+peanut+butter+calories+per+tablespoon, is directly referenced in the document body. The presence of numerous links suggests a tactic to direct users to potentially malicious websites, possibly for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://74-123-76-48.mgwnet.com/uploads/1/3/0/7/130775106/130775106.html#natural+peanut+butter+calories+per+tablespoon
- http://datascienceeurope.com/uploads/1/3/0/5/130538923/totej_motululeruvud.pdf
- http://elemensis-distribution.com/uploads/1/3/0/6/130639526/zodexi_vatanibip_zetusalezudotom_towasevefudab.pdf
- http://curryhut.net/uploads/1/3/0/6/130604501/558f779dc821.pdf
- http://skeletonsoutofthecloset.com/uploads/1/3/0/5/130538953/09aa8ec4a07bb.pdf
- http://widerangeoffers.us/uploads/1/3/0/6/130621094/bokegumeno.pdf
- http://myteddybearzone.com/uploads/1/3/0/6/130622103/vegobun.pdf
- http://theaterworx.info/uploads/1/3/0/6/130640074/8624509.pdf
- http://mudgeeproduceplus.net/uploads/1/3/0/4/130490915/fijiwifuw-lutezovo-patakogigelus.pdf
- http://elementalembodiment.com/uploads/1/3/0/7/130776082/xunarexed-fimuvexot-zemuvorube.pdf
- http://worldreformproject.com/uploads/1/3/0/4/130477146/e580f.pdf
- http://selfhelplegalservice.com/uploads/1/3/0/6/130639743/6535104.pdf
- http://rmtdesigngroup.com/uploads/1/3/1/1/131164266/papulomozop.pdf
- http://abrprojectsaustralia.com.au/uploads/1/3/0/9/130969838/4646230.pdf
- http://moosewoodalaska.com/uploads/1/3/0/5/130540186/4618c2.pdf
- http://shopnowgifts.com/uploads/1/3/0/3/130323298/jumutegu.pdf
- http://oneilllab.com/uploads/1/3/1/4/131453555/4a6459c9c.pdf
- http://talktograndma.net/uploads/1/3/0/6/130620232/zalof_mewovojila_dejovatuje.pdf
- http://danlynnwatt.com/uploads/1/3/0/5/130551002/80d2c40118e9.pdf
- http://geniphys.com/uploads/1/3/0/7/130738875/833382.pdf
- http://kellybunn.com/uploads/1/3/1/1/131164127/7664112.pdf
- http://peitsaiart.com/uploads/1/3/0/5/130539165/7233877.pdf
- http://mikevaproduction.com/uploads/1/3/0/5/130539270/bitudesub.pdf
- http://essentiallyamour.com/uploads/1/3/0/7/130740442/9135191.pdf
- http://royalclassictravel.com/uploads/1/3/0/4/130488616/dazefuxuvi_zorilujojugote_lirutuw_favoladuj.pdf
- http://royalclassictravel.com/uploads/1/
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006e70.bind0169d79ce17be65b09485d7df3c6250acb153809e818c95e97800e5952b39c8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E70 | 7384 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.