MALICIOUS
224
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0008
Heuristics 7
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Cracked-software lure uses shortlink/download gateway critical PDF_CRACKED_SOFTWARE_SHORTLINK_LUREPDF visible text advertises a crack, serial number, archive, or pirated-software download and pairs it with a shortlink or encoded download gateway. This is a high-confidence social-engineering carrier for unwanted software or droppers; the PDF itself is not a parser exploit.
-
Cracked-software lure uses download-gateway redirectors high PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARMPDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
-
PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LUREPDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://evacdir.com/?hospitals=cavernositis/VmlzdWFsIFBhcnNpYyA0IDYwVml/experiencd/ZG93bmxvYWR8eno3YjNNNGRYeDhNVFkxTkRrNE9URTJNbng4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/mcgillivary/nourison/sourze/glaza PDF link annotation
- https://roofingbizuniversity.com/wp-content/uploads/2022/06/gilageri.pdfIn PDF document text
- https://poetbook.com/upload/files/2022/06/hTxQ5WFtZ7xwouxMH8DH_12_ecc4559e104616fb5100a54ee1d68bee_file.pdfIn PDF document text
- http://www.ndvadvisers.com/inventor-2014-free-new-download-keygen-xforce/In PDF document text
- https://poetbook.com/upload/files/2022/06/smuwZ6oPgdcY397TMEkx_12_1f7611b4722ca4e75226f8730b489c27_file.pdfIn PDF document text
- https://delicatica.ru/wp-content/uploads/2022/06/Selecline_Ppw_10_Driver.pdfIn PDF document text
- http://www.wellbeingactivity.com/2022/06/12/leann-rimes-discography-1996-2011-best/In PDF document text
- https://blankbookingagency.com/?p=259778In PDF document text
- https://totallights.com/wp-content/uploads/2022/06/Westerado__Double_Barreled_GOG_Hack_Torrent.pdfIn PDF document text
- https://newsygadgets.com/2022/06/12/emergency-4-riverside-mod/In PDF document text
- https://www.indiecongdr.it/wp-content/uploads/2022/06/Die_Schlacht_Um_Mittelerde_2_No_Cd_Crack_Deutsch.pdfIn PDF document text
- https://tvlms.com/wp-content/uploads/2022/06/Magic_Utilities_55serial_Incl_Free_Download_TOP.pdfIn PDF document text
- https://polydraincivils.com/wp-content/uploads/2022/06/valhaid.pdfIn PDF document text
- https://mimaachat.com/upload/files/2022/06/eb7nraOV8GQpaStZcqsO_12_ab663b0610f9d762196ebbc70496ce5b_file.pdfIn PDF document text
- https://blu-realestate.com/pirates-facebook-hack-v-1-2-original-serial-2021/In PDF document text
- https://www.rumahpro.id/wp-content/uploads/2022/06/Blancco_Drive_Eraser_6110_Crack_Full_review.pdfIn PDF document text
- https://lalinea100x100.com/2022/06/12/hogaya-dimaagh-ka-dahi-download-utorrent-movies/In PDF document text
- https://rsmerchantservices.com/kundli-pro-7-incl-crack-21/In PDF document text
- https://cryptic-temple-19692.herokuapp.com/spot_subtitle_editor_51_crack.pdfIn PDF document text
- http://xn----dtbhabafp9bcmochgq.xn--p1ai/wp-content/uploads/2022/06/Download_Signalyst_Hq_Player_Full_Crack_Kid.pdfIn PDF document text
- http://evacdir.com/?hospitals=cavernositis/vmlzdwfsifbhcnnpyya0idywvml/experiencd/zg93bmxvywr8eno3yjnnngryedhnvfkxtkrrne9urtjnbng4twpvnu1iedhlrtbwsuzkdmntundjbvz6y3lcyldfmu1vbejesuzzeulgqkvsbda/mcgillivary/nourison/sourze/glazaIn PDF document text
- https://shapshare.com/upload/files/2022/06/fewTpALoLZxE4PqqrhrL_12_1f7611b4722ca4e75226f8730b489c27_file.pdfIn PDF document text
- http://www.tcpdf.orgIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://www.aiim.org/pdfa/ns/extension/In PDF document text
- http://www.aiim.org/pdfa/ns/schema#In PDF document text
- http://www.aiim.org/pdfa/ns/property#In PDF document text
- http://www.aiim.org/pdfa/ns/id/In PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_002_off00000f12.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xF12 | 120140 bytes |
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 |
|||
font_01_sfnt_off0000bcf5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBCF5 | 76772 bytes |
SHA-256: 07ce6fea3c98bf59133021be55ce9147f9c26365efe580a2a4f82130ca697f54 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.