MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a significant number of embedded links, with one identified as a malicious redirector. The ML classifier also strongly indicated maliciousness. The presence of a link farm suggests an attempt to distribute malicious content or phishing lures through a large number of seemingly innocuous PDF documents.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006f48.bin d40ac43162181ac10c718d6d6a8f289f9c4520434200f096b2bf4f9c98c5953c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F48 | 4544 bytes |
| font_01_sfnt_off00007ebe.bin 5b608280509dd4384e73efde44163247600b1ef5e6cd56c26fde2783a63abca4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EBE | 10640 bytes |
| font_02_sfnt_off0000a32e.bin a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA32E | 4324 bytes |