MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/123?utm_term=cookout+clipart+pictures PDF link annotation
- https://buwabasowo.weebly.com/uploads/1/3/4/3/134353515/suzovubowojopukiw.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368481/normal_5f98e38f3e76d.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4449183/normal_5fb6060364eac.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/4e21cc1a-df6b-417b-a856-c729519062f1/tecnicas_de_judo.pdfIn PDF document text
- https://s3.amazonaws.com/jujojomojemiz/fnb_bursary_application_form_2020.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/de65359e-77ef-45e3-988a-fc01051fbe6f/32674975865.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/32ec6c21-87d2-4f0f-b565-3dca3a148394/krell_star_wars_figure.pdfIn PDF document text
- https://s3.amazonaws.com/pulavokaxe/what_is_color_guard_in_jrotc.pdfIn PDF document text
- https://s3.amazonaws.com/rikolesafuwofar/sewing_machine_parts_crossword_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a1cb390b-0d1c-423a-9670-f374db56d9f9/nagoxaforejimamaxunodis.pdfIn PDF document text
- https://s3.amazonaws.com/kagedatabujo/airpod_pro_manual.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b26ed54c-51b5-40d0-84cc-6f9731e55f19/guru_charitra_in_english.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ab62.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB62 | 4896 bytes |
SHA-256: ce964750523cedc046201dab61e8d7ed85ebd3e80915798ccb0126fcbb480be4 |
|||
font_01_sfnt_off0000bc16.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC16 | 9944 bytes |
SHA-256: d93e39f4609c2667e77dbdc757b5d8da851277b22860392da1ec6317aa2b5e97 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.