Verdict: MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious File
The PDF document contains a lure for a cracked password recovery tool, which is a common tactic for distributing malware. The PDF_SEO_LINK_FARM heuristic indicates the presence of numerous external links, likely designed to host malicious payloads or redirect to phishing sites. The ML_NYX_PDF_MALICIOUS score further supports the malicious nature of this document.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL:
- http://abraxasroots.org/uploads/1/3/0/5/130589056/130589056.html#windows+password+recovery+tool+6.2.0.2+crack+full+free+download
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000076ff.bin d1b26853705f648babb0a573e8172014e05b02f91fd9745ed69d39d7fa4298d8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76FF | 7852 bytes |