Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, and one heuristic, 'PDF_SEO_LINK_FARM', specifically flags the large number of outbound links. The primary external URL, 'https://pelibifir.ru/award?keyword=une+tempete+aime+cesaire+pdf+french', appears to be a lure. While no scripts were explicitly extracted, the PDF structure and heuristics indicate a strong likelihood of malicious intent, possibly involving redirection to phishing or malware sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.8811
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://pelibifir.ru/award?keyword=une+tempete+aime+cesaire+pdf+french
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00018085.bin 4dc3e4cb55c48c2d1aeccf3b30b1001b7d05328e68ef1e4951fa129c9a4f8230 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18085 | 5352 bytes |
| font_01_sfnt_off0001928c.bin f90419e95dee5381ff1ba672c468163dc6dfc7ec1c89ade3d1df58bf3ad91e8b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1928C | 14116 bytes |