Verdict: MALICIOUS
Risk Score: 62

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file contains a large number of external links, many of which point to PDF files hosted on various domains. The document body, though partially corrupted, contains a URL that appears to be a lure for learning Japanese online. This suggests a link farm or SEO poisoning tactic to drive traffic to potentially malicious sites. The primary heuristic indicates a mass external PDF link farm, with a dominant host of 'paymeprompt.net'.
Heuristics (3)
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF_URI (info): External URI. PDF contains an external URL action.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://xinquanxunwangtuijianeshibo.br3h.com/uploads/1/3/0/5/130590700/130590700.html#learn+japanese+online+youtube (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000087c9.bin | e9b86891a62d8e182b454f95aadcc51571d0f416dccb6803960445ce28f4c58b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x87C9 | 8344 bytes |
| font_01_sfnt_off0000a7da.bin | 9bf2fa551ce47cddeb099b5ca643dc6156c82dd8fd0dff6b54508ba27c9e9d49 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7DA | 4668 bytes |