Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF file contains a direct link to an executable or archive payload, disguised as a Wikipedia article related to payment services. This heuristic, combined with the ML classifier's high confidence, suggests an intent to trick the user into downloading and executing a payload. The linked URL itself is benign, but the PDF's structure indicates malicious intent to deliver a payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9567
Heuristics 3
- PDF link points directly to executable/archive payload [critical] PDF_DIRECT_PAYLOAD_LINK: PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.