MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1105 Ingress Tool Transfer
The PDF contains a large number of external links to other PDF files and HTML pages hosted across numerous domains. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier strongly flagged this PDF as malicious, supporting the assessment of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005229.bin 23d6e455af92a9c8e4976873e69e8b44eaa7b658288ed9223ea0d783229a8f34 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5229 | 10748 bytes |