MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF document contains a large number of external links, many of which are dynamically generated and point to other PDF files, indicating a link farm or SEO manipulation tactic. The document body, though heavily obfuscated, contains a URL that appears to be a lure for a technical manual. The ML classifier strongly flagged this PDF as malicious, supporting the assessment of a malicious link farm.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005d7d.bin ddaf062588ca55480b475c7b6af2ce962143014ef2c50eb7eb9492f59c8906d7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D7D | 6084 bytes |