MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious by an ML classifier and contains a large number of external links, characteristic of a link farm or SEO spam. The document body, though partially corrupted, contains a URL that points to a '3000 calorie bulking meal plan reddit' page, suggesting a lure to entice users to click on the numerous other PDF links. These links likely lead to further malicious content or phishing pages.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://julianthology.com/uploads/1/3/0/6/130639385/130639385.html#3000+calorie+bulking+meal+plan+reddit
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000091bd.bin 6c1540d0a5f855d4e15bdd473811253ecced84a97d0f5166e336a03dbd43194a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x91BD | 6560 bytes |
| font_01_sfnt_off0000a1c6.bin 22eee8fcc7f54925f014f18a72291de2fad93532334c2306026bc43e3ca081ad | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1C6 | 8624 bytes |