MALICIOUS (Risk Score: 102)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains heuristics indicating it is a fake download lure, specifically using SEO poisoning tactics. The document body and embedded URLs point to 'uncpbisdegree.com', which is likely hosting a malicious payload disguised as 'the-balcony-le-balcon.pdf'. The ML classifier also flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9062
Heuristics 4
- Fake 'free download' SEO-poisoning PDF [critical] PDF_SEO_FAKE_DOWNLOAD: The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
- Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000053ce.bin 62ef0a79ac923ceacb3de1aef3cd448b07c33125e41e5caf36a190c3d3d46b5d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x53CE | 10476 bytes |
| font_01_sfnt_off000074fb.bin 5d2ab13527b657cc6bd87b795b9e605c22d768ad3fcd978b20d715522b0b64c3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x74FB | 6580 bytes |