Risk Score: 76 (MALICIOUS)
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The PDF file contains a high-confidence machine learning detection and a heuristic indicating a redirector link. The embedded URL 'http://xeltuve.com/c3?utm_term=microsoft+flight+simulator+e3+2019' is presented as a lure for 'microsoft flight simulator e3 2019', suggesting a phishing or scam attempt. No scripts were extracted, but the presence of an external URI and a redirector link points to a malicious intent to lead the user to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9022
Heuristics (4)
- Image lure linking to an SEO redirector (free-download phishing) | severity: high | PDF_SEO_UTM_REDIRECTOR_LINK
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector: the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI | severity: info | PDF_URI
  PDF contains an external URL action.
- Object number defined twice with different bodies | severity: info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | severity: info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://xeltuve.com/c3?utm_term=microsoft+flight+simulator+e3+2019 (PDF link annotation)
  - https://kopowibepe.weebly.com/uploads/1/4/1/5/141573754/xozabivibifewot.pdf (in PDF document text)
  - https://segurodegranizo.ar/noticias/fckeditor/file/69343174644.pdf (in PDF document text)
  - http://kino-profi.com/wp-content/plugins/super-forms/uploads/php/files/37ecb94533b42cdf957376dee78ee41c/96618334530.pdf (in PDF document text)
  - https://faxulifil.weebly.com/uploads/1/3/4/7/134731484/639ea870ac40.pdf (in PDF document text)
  - https://kulosewutul.weebly.com/uploads/1/4/1/5/141555448/4478783.pdf (in PDF document text)
  - http://kod-da-vinci.ru/ckfinder/userfiles/files/saruxobumivetew.pdf (in PDF document text)
  - https://jerememado.weebly.com/uploads/1/4/1/4/141486479/modogosotimuvom.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aea6a97201213e037dc4e/t/62bde0c3d6162061531254d2/1656611012070/offsetting_account_report_in_sap.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aebe5436e397a99d53e8a/t/62c7b796c14f6e594931b361/1657255831051/wubevof.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62d798b52894590e3bd662dc/1658296502061/blue_mountain_state_season_3_episode_6_cast.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62e21255e3e4ef1ef75fb0b4/1658982997585/flatpak_user_guide.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aec14af289a5f7a539cf5/t/62cbb7e94040f055beb17b50/1657518058308/exit_hesi_study_guide.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62df99947cc2077aa2b39837/1658821013463/munevetujisufugoso.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62d248f471917366f333e3d3/1657948405308/89417083263.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aec14af289a5f7a539cf5/t/62d83fe2abe4112cc1f15380/1658339298972/tupekokagiviwap.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aeb86718479732845b7b4/t/62e4a737daf3695c449a4f7c/1659152184438/bahubali_2_movie_in_english.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aec14af289a5f7a539cf5/t/62c9647c6a3d6b58b3a3b5ba/1657365628803/nujexosivovipegugoxodisa.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aeb86718479732845b7b4/t/62cf292b734a186cdc6ee56f/1657743659627/basic_rental_application_free.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62bad1b150d9c127fd4adfe3/1656410546554/brs_pediatrics.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aec14af289a5f7a539cf5/t/62da5b1bb36a234b9b6ce523/1658477339811/procurement_and_supply_chain_managem.pdf (in PDF document text)
  - https://static1.squarespace.com/static/604aebe5436e397a99d53e8a/t/62d09b5351124a68f0524287/1657838420237/la_maman_et_la_putain_torrent.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf27c8bac0413e6f804fa/t/62b452391307a209de02e6a4/1655984698076/jafimifof.pdf (in PDF document text)
  - https://static1.squarespace.com/static/60aaf25e42d7b60106dc17aa/t/62c4ed53d9314d72ddfafbc4/1657072980033/gejarofegavetibogez.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00032bd6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32BD6 | 18068 bytes | 44a4d946dedeca11ec58a08061273bf86aee8c0d52a3c74d07ed4c6d1a25462e |
| font_01_sfnt_off00035b34.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x35B34 | 11408 bytes | 54ca170081e5e266da3261a56af08ad170d93a58760751b7dcf27c66eb222918 |