MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
This PDF file was flagged by a machine learning classifier as malicious. It contains a large number of external links to PDF files hosted on various domains, indicating a link farm or redirection scheme. The primary URL points to a page with a title related to a medical condition, likely a lure to disguise the malicious intent. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://houstonasta.voyagerwebsites.com/uploads/1/3/0/4/130483900/130483900.html#diabetic+ketoacidosis+cerebral+oedema
- http://bch-marketing.com/uploads/1/3/0/6/130640229/bagifowajuzatufajaga.pdf
- http://247thcombatengineers.org/uploads/1/3/0/6/130620868/21b4726b2.pdf
- http://north-carolina-charlotte-real-estate.com/uploads/1/3/0/3/130313123/dc26cdf7191f1.pdf
- http://tastesoftranscendence.com/uploads/1/3/0/5/130588498/jutodobu_jokuwosavi_rixaloma.pdf
- http://802products.net/uploads/1/3/0/5/130589413/nifafibepo_kavovuduwulo.pdf
- http://starspinwheel.com/uploads/1/3/0/4/130488181/9336619.pdf
- http://ececonline.org/uploads/1/3/0/2/130289377/zupulovomigebose.pdf
- http://74-123-78-198.mgwnet.com/uploads/1/3/0/2/130272336/5860792.pdf
- http://www.rvrproductions.com/uploads/1/3/0/5/130588405/7625876.pdf
- http://theeightoneseven.com/uploads/1/3/0/5/130539235/solivobawomapoketi.pdf
- http://www.heartofcaregivingpetsgroomer.com/uploads/1/3/0/6/130603873/ad21fa79851.pdf
- http://caqrecords.com/uploads/1/3/0/6/130605278/1374380.pdf
- http://www.bordercityhippies.com/uploads/1/3/0/5/130547405/subiji.pdf
- http://dvcreationz.com/uploads/1/3/0/5/130542968/9734217.pdf
- http://www.cabranegra.net/uploads/1/3/0/9/130969747/ninelazuxoka_vazilototiwagev.pdf
- http://advokat-moscow24.site/uploads/1/3/0/2/130272509/biwofekawafit.pdf
- http://greenmeadowsfarms.org/uploads/1/3/0/7/130775017/didejijujuju.pdf
- http://74-123-76-103.mgwnet.com/uploads/1/3/0/7/130775652/debusokidemow_lezakuw_ninebasomuni.pdf
- http://74-123-79-193.mgwnet.com/uploads/1/3/0/8/130813848/kuvuwupo-gojabiwasis-rasajop-nolanaw.pdf
- http://myjandj.com/uploads/1/3/0/6/130604962/734fea93463c.pdf
- http://www.globalsoundstation.com/uploads/1/3/0/7/130775545/sugak.pdf
- http://monto.com.mx/uploads/1/3/0/8/130814226/9568312.pdf
- http://luchalibrevive.com/uploads/1/3/0/2/130289271/3119bd68723b4a.pdf
- http://www.coloradospringsoption.com/uploads/1/3/0/9/130969220/1159946.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c643.bin4f864dc2005c7e54522be472011e0b1d8163dfa1eb54d046abfc734ff18bda3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC643 | 8300 bytes |
font_01_sfnt_off0000e600.bin57b11507310a54ac1804785031a6c50e3b77163964f97d9b63d647909f1b8434 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE600 | 16088 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.