MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous external links, a common technique for SEO poisoning and driving traffic to malicious websites. The document body text, though partially corrupted, contains the phrase 'Iddaa excel 2016 indir', suggesting a lure to a fake download or phishing page. The ML classifier strongly flagged this PDF as malicious, supporting the assessment of a malicious link farm and potential phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9986
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://loveit-defaultspanish.devsite-1.com/uploads/1/3/0/6/130604161/130604161.html#iddaa+excel+2016+indir
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_005_off0001c98b.bin f448bf6acd11aa7e9f2aa475b4524546128502b7ec53637797dfce38f13d8948 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C98B | 28880 bytes |
| font_00_sfnt_off00010abb.bin be8c0533735893c6dfda78dc6f3a45e87e722caa57ccd408f3a256a4f64da17d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10ABB | 41268 bytes |
| font_01_sfnt_off000188d5.bin 53cd5cee53501b280a3432779f0e91ca7f0864e7874dbb7c3297d9c29293a07d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x188D5 | 23728 bytes |
| font_03_sfnt_off0001fba5.bin 495b3665254cf11fbc2a12174a2484ae5abd583acd8d4d850fc7ed5da1d00a1c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FBA5 | 10344 bytes |