SUSPICIOUS
44
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0405
Heuristics 3
-
PDF link to algorithmically-generated URL high PDF_RANDOM_URL_LINKPDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.hofmannmedical.cl/agepdfs/breakfire.php/bsabionscvnmnoxvzoufdvms16420862xPm.pdf PDF link annotation
- http://www.hofmannmedical.cl/agepdfs/breakfire.php/nkdbGnxzcGoozximkYoiondPblmwro16440245is.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/fbbdhxk_dxvPhfbPsiemaxfrhnQ16437692rt.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/_JxhrndfxlJJxaaeod_un16460277QPv.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/PxnsGalscPstbr16378059mi.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/ckk_vkzYQhGc16465770a.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/irkwYnecrlnm16466361mQl.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/izkiJba_ovfohemrec16437664ab.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/oom_GhPnxfPvYvvdustdomrhuYtfm16382799oi.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/kPuzukJm16371207fc.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/utslshecndJni_16378033nh.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/zznhQ_hrudrJhuelJeG16427854w.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/fbm_fzcYsYkaGGkk_16466168w.pdfIn PDF document text
- http://www.hofmannmedical.cl/agepdfs/breakfire.php/dzmcmxoookvkkkhskYl_srbcixxi16393054Qhv.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/rduvcmcGzkfJ16371314rr.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/feYPmdfeG16378264h.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/xhvnuonxQrkz_Jl16371354GPen.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/nsJvanestYeuY_v16444685w.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/ozotQ_fiiPhvwvfYoQazhssdzsnQzQ16427737b.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/e_fPct_okwa_PvzktoQbefsucPsx16437732w.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/QaduPdtzxQYlifsPYebJYwulPnGfti16410937x.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/cciYvx_btQbb16377997xr.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/xkQvzzPcmmYvkcwilccwfinfzw16460164ntfl.pdfIn PDF document text
- http://www.hofmannmedical.cl/agepdfs/breakfire.php/JPkt16393043asYl.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/ubmuQusuxJehrJdx16444485_Qx.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/JtlemttmJsrud_xdnYeu16371454mds.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/PGbbGswYQY_rsnrt16371260vQa.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/txbcne16371337aJow.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/mxxvQbG16371866blod.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/zzsnQYaPwxxivioPeJmbQl16382962edwn.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/tmbvlexefwoQid16466345e.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/ntmlQoxGsrskeQnYv16459988a_cd.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/iubnPkfkJwJloxlQhhGenww16378233u.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/aYodJveswondv16371181PvhP.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/Prvma_dmnttQGGuafkGPwor16410735bc.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/bwubditfxo16462680fb.pdfIn PDF document text
- http://msb.vuzf.bg/.cgi/zsvdtxxhuv_tbzeJvvfxnJmdhzwJ12527338itr.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/dnnfuixacemixGQcf16463683k.pdfIn PDF document text
- http://www.hofmannmedical.cl/agepdfs/breakfire.php/PsfuP16440034fPh.pdfIn PDF document text
- http://www.knot-tech.com/supportanswer/fullsupport.php/aP_nPmJQG16397018G.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/doixPkzebilJnvn16465633d.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/rkuGw16370985sJ.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/Gkincsnbcnm_w16460085vdk.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/nPizkxuGxJbh16444552utQ.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/uxwkPaxruucdlwhtnnewcfm_Pie16371329GeP.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/kvvzlibvi_o_fomtPJrQbweQwaedvt16383148i.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/_klofdPurfkwenJnJdat_16460088zJr.pdfIn PDF document text
- http://rehabilitacja.hekko24.pl/filesquite/lPzkeioQwQtf16437656dzQ.pdfIn PDF document text
- http://redhorseysbus.com/manualorganize/eQfhwwixeeiPrbskeoG_fawvxoz16378259m.pdfIn PDF document text
- http://www.hofmannmedical.cl/agepdfs/breakfire.php/bavbeGGdsotYwrhlebllPzYzQvQ16392593hz.pdfIn PDF document text
+27 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000b126.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB126 | 19984 bytes |
SHA-256: a09fcc2fa1ed67d4b535248f6c69e5dd348510206469f04c5194e0954f741122 |
|||
font_01_sfnt_off0000e71e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE71E | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off00011ce4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11CE4 | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.