MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1598 Gather Victim Identity Information
T1204 Malicious Link
The PDF file contains a large number of embedded external links, many pointing to PDF files with numeric slugs on various domains. This strongly suggests a link farm or SEO manipulation tactic, rather than a document with legitimate content. The heuristic 'PDF_SEO_LINK_FARM' confirms this by identifying a mass external PDF link farm. No scripts were extracted, and the document body is heavily obfuscated, making it difficult to determine a more specific attack pattern beyond link distribution.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008e5c.bin 13b8be689a715215eda46066b1e21887388c726edc344dca796e8a1238069491 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E5C | 7936 bytes |
| font_01_sfnt_off0000ad20.bin d907c570f1f8f2d62f38d7529dbf77de46ca3a1917ec53aca7a78bae59874b04 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAD20 | 2616 bytes |