MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file exhibits characteristics of a link farm, with numerous external URLs embedded within its structure. The heuristic 'PDF_SEO_LINK_FARM' indicates a high volume of links pointing to external domains, suggesting a malicious intent to redirect users. The document body contains a URL that matches one of the embedded links, reinforcing the lure. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://brandimae.net/uploads/1/3/1/4/131484090/131484090.html#hasta+que+edad+es+normal+el+complejo+de+edipo
- http://columbiarockacademy.com/uploads/1/3/0/6/130639161/sakonida.pdf
- http://white-trailer-m-253ts.net/uploads/1/3/0/7/130738790/7035436.pdf
- http://macombcssk.com/uploads/1/3/0/4/130476083/moxujur-denotajufibuda-fegawitolefanen.pdf
- http://apmcivilengineering.com/uploads/1/3/0/7/130740068/7281529.pdf
- http://bbnla.com/uploads/1/3/0/3/130379285/watisuf.pdf
- http://alyssamaephotography.com/uploads/1/3/0/8/130874408/buferekuki-doxuga.pdf
- http://ashevillegolfcarts.com/uploads/1/3/0/5/130539227/6962856.pdf
- http://gindystires.com/uploads/1/3/0/7/130776213/dopipuxakasotokefe.pdf
- http://chrislingmusic.com/uploads/1/3/0/2/130289353/difimozazi-jaxupuxul-xemovudelax-sojag.pdf
- http://lilahlingerie.com/uploads/1/3/0/6/130639325/suviluzof-bivanasiweguze-miraredirus-rekojug.pdf
- http://moveablefeastlexington.org/uploads/1/3/0/6/130620471/8613212.pdf
- http://leatherpooltablepockets.com/uploads/1/3/0/5/130539300/lenamifu_motejetig_rixile.pdf
- http://tactechsolution.com/uploads/1/3/1/0/131071072/daleritopu.pdf
- http://webuyuglyhomes.net/uploads/1/3/0/8/130874309/devinavevogesa_xosupinaxebeb.pdf
- http://thefarmersclub.net/uploads/1/3/0/6/130604388/3fc07891929d.pdf
- http://pancakesetpolochons.com/uploads/1/3/0/4/130489102/saxagek-kuxol.pdf
- http://canyonlaketax.com/uploads/1/3/0/6/130604311/dalesepepak_nojawid_kavotop.pdf
- http://ladiesfirstblog.com/uploads/1/3/0/4/130490609/2036708.pdf
- http://betreuungsdienstsunshine.de/uploads/1/3/0/2/130287538/7360037.pdf
- http://shields-data.com/uploads/1/3/0/6/130604778/kovupijumakipaz.pdf
- http://spotlights-online.com/uploads/1/3/0/4/130483302/karusuwikip.pdf
- http://isaphotopr.com/uploads/1/3/0/8/130813975/463783.pdf
- http://dr-ioanna.com/uploads/1/3/0/7/130776106/51cb4f235b.pdf
- http://thegaffgang.com/uploads/1/3/0/6/130639464/2466693.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e9dc.bin9bc79a48141928151eae9483e7cde19c5f904ec7e75cf2569b50f2d57f0d76f4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9DC | 10464 bytes |
font_01_sfnt_off00010e81.bine91619dfd4c72a85464d95ef1ba4e67df13020651c42071bafbe521a61d9f7fc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10E81 | 2652 bytes |
font_02_sfnt_off000117e8.bin779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x117E8 | 16036 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.