MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The PDF document contains a large number of external links, many of which point to other PDF files hosted on various domains. The heuristic 'SE_BROWSER_INSTALL_LURE' indicates that the document's content likely prompts the user to install a browser extension or update. This suggests a social engineering tactic to trick users into compromising their systems, potentially leading to credential theft or malware installation. The embedded URLs are likely part of this lure or a subsequent stage of the attack.
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Browser extension / update installation lure (high, SE_BROWSER_INSTALL_LURE): Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006e36.bin fa5cf8a509198b25cf6bc8afbe3a8164e129ecfbebfd0bec28bd281e83663f0f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E36 | 8104 bytes |