MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The PDF contains a large number of external links, identified as a 'PDF link farm' heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern appears to be directing users to a vast collection of other PDF documents hosted on numerous domains, likely for SEO spam or to host further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9981
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://easywings.org/uploads/1/3/0/9/130970015/130970015.html#d
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006fc1.bin 53b5e2c75dce511ae4c5b0b1b4d950b1be6bc1488aa77ccabd63250ffb81a3ee | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FC1 | 7156 bytes |
| font_01_sfnt_off000081e7.bin 05c2c226bb608a0e5a7ccb5b3e25590e88c8fed7420e786b09c76514ff2d3e19 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x81E7 | 6704 bytes |
| font_02_sfnt_off00009261.bin 661b56a9de047872d2a7bf4aee29eb11eaa29c4428f2054b9224c18f5fe4346c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9261 | 2212 bytes |
| font_03_sfnt_off00009c05.bin 0fa43b6021f21125add7f1d653015ac373212bb89478424fac0a6efcb8047fa9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C05 | 6280 bytes |
| font_04_sfnt_off0000ab36.bin 56f2e14adeb558b186d18f472f24a85cd3203439fe8620df50a430d63bd06a62 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB36 | 10376 bytes |
| font_05_sfnt_off0000d118.bin 08bc1012f0c0e3b86156652d03c4b067aff5863de96f08bb61232ee012a56c8c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD118 | 2972 bytes |
| font_06_sfnt_off0000db97.bin 510d354c9afdf0794d2ddd004fbf6f865c3a4afdc7e22671ff99cb9b58867d85 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB97 | 20212 bytes |
| font_07_sfnt_off0000fb6c.bin b400c7969bf50a528baeac35fdffe31f96e4dc75bba54d2dd1c4869e9a92f379 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB6C | 6508 bytes |