MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1598 Gather Victim Identity Information
T1204 Malicious Link
The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged this document with high confidence. The embedded URLs suggest a link farm or redirection scheme, likely intended to drive traffic or host further malicious content. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF_URI (info): External URI. PDF contains an external URL action.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008155.bin 6e89c1059bfb48ded0a0a8de4dcf7066819fdaac23c8c4d1dc8f25553d1e4b88 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8155 | 10600 bytes |