MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF file contains a large number of external links, many pointing to disposable hosting, and is classified as a link farm. The embedded document body text, though heavily obfuscated, suggests a lure related to 'computer science pdfs'. The primary function appears to be directing users to a network of websites, likely for SEO manipulation or to host malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f216.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF216 | 5428 bytes | 908ccdaae9e79dae5a434fb9223fe073467367ad93904b04187fb6bfa5f6ab8f |
| font_01_sfnt_off00010480.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10480 | 11100 bytes | 806776ca031e8fedc5cd1a51ceca35304b3fe232a537498fd399c495945e6a1b |