MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK: T1059.001 PowerShell
This PDF document exhibits characteristics of a link farm, embedding a large number of external URLs. The primary heuristic indicates a mass external PDF link farm, suggesting a tactic to manipulate search engine results or redirect users to potentially malicious content. While no scripts were extracted, the sheer volume of outbound links points towards a malicious intent, likely for SEO poisoning or traffic redirection. The document body contains garbled text and embedded URLs, further supporting this assessment.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008c1e.bin 5525d224321dfd1b29ce00390eae48e1065496fe5437b6ff3e1477c65af6da6a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8C1E | 12660 bytes |