MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern appears to be a link farm designed to direct users to potentially malicious content hosted on numerous domains. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.lmlassurancesante.com/uploads/1/3/0/2/130273799/130273799.html#inductive+reasoning+and+deductive+reasoning+definitions
- http://outandequalseattle.org/uploads/1/3/0/3/130313610/98ec8b0c9f.pdf
- http://okcommunity.net/uploads/1/3/0/5/130551523/najaw-nileraru-nozedusixinod-dasome.pdf
- http://lchcs.com/uploads/1/3/0/3/130313494/gekejevebufetudug.pdf
- http://mx.tarafaulknerphd.com/uploads/1/3/0/6/130639861/zotopedi_zopojutume_ligarizukapa_pifojabugupowe.pdf
- http://horsemindbodysolutions.com/uploads/1/3/0/6/130605509/gowireneluvi_jekodepo_gumewemaweraker.pdf
- http://beesea.com/uploads/1/3/0/6/130604579/vuxomefefi_rinagavi.pdf
- http://saffleplantfarm.com/uploads/1/3/0/2/130291783/5209477.pdf
- http://theaanh.com/uploads/1/3/0/6/130622063/nukubafobaj.pdf
- http://sng1product.world/uploads/1/3/0/6/130621072/fibusef-vedul-nubozofupe-molamagakelove.pdf
- http://reileyrealty.com/uploads/1/3/0/7/130775125/3533673.pdf
- http://undefendedheart.net/uploads/1/3/0/2/130271206/7731560.pdf
- http://mountainvilleumc.com/uploads/1/3/0/5/130588425/e37fcd3.pdf
- http://the-bankruptcy.com/uploads/1/3/0/6/130639653/dawoka_dojigovar.pdf
- http://www.mrspalmer.org/uploads/1/3/0/3/130313221/tigewakaxigu.pdf
- http://vsewer.com/uploads/1/3/0/7/130740221/2526343.pdf
- http://r3healthandfitness.com/uploads/1/3/0/5/130588366/wiwozibivu.pdf
- http://mta-sts.extramile.co.za/uploads/1/3/0/8/130814562/buzituvutilep.pdf
- http://rimrepairchicago.com/uploads/1/3/0/6/130639632/ecba6189c9a6fb.pdf
- http://threehappytails.com/uploads/1/3/0/5/130589056/janarezububegiwadaka.pdf
- http://bosolutions.net/uploads/1/3/0/4/130489410/2417410.pdf
- http://swclink.org/uploads/1/3/0/3/130313178/jerita_xuzomub.pdf
- http://www.royalorganicsbykaylahdenae.com/uploads/1/3/0/3/130313459/mevix_didevadozo.pdf
- http://terramargroups.com/uploads/1/3/0/2/130271058/wuzabug-vesozesamaga-zekeveful-momal.pdf
- http://www.hinojusu.net/uploads/1/3/0/8/130873962/rizefupozepe.pdf
- http://terramargroups.com/u
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000079d8.bine19112cbdef0b1545bb5d61c0d463311b6ffd69feee5a4788c9bdc455e880308 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79D8 | 8104 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.