MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF file was generated by wkhtmltopdf and contains a large number of external links, indicating a link farm or SEO manipulation tactic. The ML classifier strongly flagged this PDF as malicious. The primary intent appears to be directing users to a vast network of external URLs, potentially for malicious redirection or to host further attack stages.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006789.bin d332ba34ea6053be9021024eafd11367a8fa0d3c8b534ad0844e326de7142c01 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6789 | 8632 bytes |