MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or distribution mechanism. The ML classifier also strongly indicated maliciousness. The document body contains a mix of seemingly unrelated text and embedded URLs, further supporting the link farm or SEO manipulation attack pattern. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005bd5.bin b9ab411638875c35491c189fd452d032c21e6a8ccf2ccd014c95c708c2bcfdc7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BD5 | 9608 bytes |