MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF document contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection to malicious content. The document body text, though partially corrupted, includes a title related to a 'Nurse's pocket guide' and mentions 'wkhtmltopdf', indicating a potential lure. The ML classifier strongly flagged this PDF as malicious. The primary attack pattern involves redirecting users to external, potentially malicious, PDF files hosted on numerous domains.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000655e.bin 46dbc9e207129d1fbffec90471446775066c75360184ddc825064bf5d0064721 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x655E | 10128 bytes |