MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF document contains a large number of external links to various domains, a technique commonly used for SEO link farming or to redirect users to malicious content. The ML classifier strongly indicated maliciousness. The document body, though partially corrupted, contains a URL that is part of this link farm, suggesting the primary purpose is to drive traffic to these external sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000072ee.bin 3fe3bd990cd9353c77947cfbd638e90f9bafb735a5433f5670b808f5cd67a76e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72EE | 8252 bytes |