MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged as malicious by an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9953
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://midufefew.ru/strik?utm_term=minecraft+apk+v1+13.0+34 (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e787.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE787 | 5084 bytes | b5134d13d870bda1211d1a52998b71478d060a3431a9f69700a0e727e0faacf9 |
| font_01_sfnt_off0000f8ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF8EE | 11948 bytes | f42ffb27574b7a03b8378dd51c992b123469db3b980fe8f1a72ccfda4eccc25f |
| font_02_sfnt_off00011fc2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11FC2 | 4324 bytes | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |