MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links to external PDF files hosted on the dynamic DNS domain 'cmeinasaoo.duckdns.org'. This suggests a link farm or redirection tactic to distribute further malicious content. The ML classifier strongly indicated maliciousness, and the PDF_SEO_LINK_FARM heuristic confirms the presence of numerous external links, likely intended to deceive users into downloading or accessing potentially harmful documents.
Machine Learning
- Nyx PDF Classifier malicious score 0.9920
Heuristics 2
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://cmeinasaoo.duckdns.org/4b28b26b24b25b23/The-Clans-of-Darkness-Scottish-Stories-of-Fantasy-and-Horror-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/2b27b27b24b26b20/Great-Tales-of-Terror-from-Europe-and-America-Gothic-Stories-of-Horror-and-Romance-1765-1840-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/3b23b24b27b23b27/The-Wizards-Of-Odd-Comic-Tales-Of-Fantasy-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/5b24b23b27b27b25/Gaston-LeRoux-s-Phantom-Stories-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/1b27b27b23b23b20/The-Best-Horror-Stories-from-the-Magazine-of-Fantasy-amp-Science-Fiction-Volume-1-by-Edward-L-Ferman.pdf
- http://cmeinasaoo.duckdns.org/3b23b21b27b26b23/Scottish-Clans-amp-Tartans-by-Ian-Grimble.pdf
- http://cmeinasaoo.duckdns.org/1b26b22b22b21b23/Eldritch-Evolutions-26-Weird-Science-Fiction-Dark-Fantasy-amp-Horror-Stories-by-Lois-H-Gresh.pdf
- http://cmeinasaoo.duckdns.org/9b28b20b29b23/Endless-Darkness-26-Hand-Picked-Horror-Stories-from-www-shortnscarystories-com-by-Jagrit-Gupta.pdf
- http://cmeinasaoo.duckdns.org/8b23b26b24b24b28/The-Wizards-of-Odd-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/4b20b28b24b20b25/The-Freak-Show-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/4b21b21b20b22b29/The-Witchcraft-Reader-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/4b21b20b29b21b20/Witchcraft-and-Black-Magic-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/8b23b26b27b24b25/Irish-Tales-of-Terror-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/4b21b21b21b26b29/The-Necromancers-Best-Of-Black-Magic-And-Witchcraft-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/8b23b26b27b23b29/Doctor-Who-A-Celebration-Two-Decades-Through-Time-and-Space-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/8b23b26b27b25b25/The-Secret-History-Of-Cults-Bizarre-Rituals-And-Murderous-Practices-Revealed-by-Peter-Haining.pdf
- http://cmeinasaoo.duckdns.org/8b28b29b28b29b22/Images-of-Horror-and-Fantasy-by-Gert-Schiff.pdf
- http://cmeinasaoo.duckdns.org/1b20b27b20b24b29/The-Year-s-Best-Australian-Fantasy-and-Horror-2013-by-Liz-Grzyb.pdf
- http://cmeinasaoo.duckdns.org/9b22b22b20b26/The-Year-s-Best-Australian-Fantasy-and-Horror-2014-by-Liz-Grzyb.pdf
- http://cmeinasaoo.duckdns.org/4b20b28b22b25b27/Australian-Dark-Fantasy-and-Horror-Volume-3-by-Angela-Challis.pdf
- http://cmeinasaoo.duckdns.org/1b26b22b
Open this report in the interactive analyzer, or submit your own file for analysis.