MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of external links to other PDF files hosted on various domains. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier strongly supports the malicious nature of this PDF. No scripts were extracted, but the sheer volume of outbound links suggests a malicious intent to redirect the user or manipulate search engine results.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007be0.bin a7a66ec26a28f96e394e1c7736e9fabf9de549716d8c0cf16e7ace4ae1f895cf | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BE0 | 9204 bytes |