MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are numeric slugs pointing to PDF files, indicating a link farm for SEO manipulation or traffic redirection. One of the primary external links leads to a URL that appears to be a phishing lure for salary information. While no scripts were explicitly extracted, the PDF structure and the presence of numerous external links suggest a malicious intent to redirect users to potentially harmful websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.8273
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://nomylo.ru/pbw?utm_term=how+much+do+pr+account+executives+make
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e0b4.bin (6fbe9ba2a08e25f8af688a3d9919d7003cc83325a328ea79cda8303d12a2cb86) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0B4 | 5528 bytes |