MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links, a technique often used for SEO manipulation or to redirect users to malicious sites. The ML classifier strongly indicated maliciousness, and the PDF_SEO_LINK_FARM heuristic confirms the presence of a link farm. No scripts were extracted, but the sheer volume of outbound links suggests a delivery or redirection mechanism.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006c3a.bin d38d839a1cb770f1a254bb9e0cade3251bb74b8f9941f0d35242af569611781e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C3A | 7432 bytes |