MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically flags this behavior, indicating a potential attempt to drive traffic to a network of related domains. The document body itself is heavily obfuscated but contains references to the URLs, reinforcing the link-farming attack pattern. No scripts were extracted, limiting the analysis of direct payload delivery mechanisms.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000070c9.bin 4a53571059f49bfe079316fe9af6440559c65b2baf0ab753002ea1b9ac9a39d3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x70C9 | 8408 bytes |