MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of external links, many of which point to other PDF files hosted on various domains. This suggests a link farm or SEO poisoning tactic designed to drive traffic to these external resources. The document body itself is largely unreadable, but the presence of the URL 'http://acpstudios.com/uploads/1/3/0/7/130738506/130738506.html#format+ipod+shuffle+without+itunes' indicates a potential lure related to media devices. No scripts were extracted from this sample.
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: http://acpstudios.com/uploads/1/3/0/7/130738506/130738506.html#format+ipod+shuffle+without+itunes
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006b4e.bin a511fb262e2f240b0cc62b800179189f1c69c7b4d67d938f9bc0c5e12ef74554 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B4E | 2024 bytes |
| font_01_sfnt_off000074e2.bin 331aea4ba59456733a90fb98d4ac5af8545408bccacf88aaa2e667919e6953c2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x74E2 | 12072 bytes |