Verdict: MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains a large number of external links to other PDF files hosted on various domains, indicating a link farm or SEO abuse tactic. The ML classifier strongly flagged this PDF as malicious. The primary attack pattern involves directing users to a network of potentially malicious or spam-related content through these embedded links.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006324.bin 98ce60271c7b7e2921eef715336d1e55c14d886091f41cfde21a01740c4bbca6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6324 | 11204 bytes |
| font_01_sfnt_off00008987.bin 741a85be657c9a161a7aa7d82e6c5ebf876fbeb510d861f1e52d6ce8329690c6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8987 | 16264 bytes |
| font_02_sfnt_off00009edc.bin 30155f06aedfb79de9f70f3e8e1372addaeb1c7fe56136300e854ed0c3fac0c5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9EDC | 1740 bytes |