MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a high number of streams, suggesting obfuscation or a heap spray. A key heuristic indicates the document is a lure for a password-protected archive, commonly used to bypass security filters. While no scripts were extracted, the presence of embedded URLs and the archive lure strongly suggest this document is part of a phishing or malware distribution chain.
Machine Learning
- Nyx PDF Classifier clean score 0.0192
Heuristics 3
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_005_off00002500.bin 559994bd07e97db3d68bdd7fd58b9a1ad1075381c57dc98fcf498d26caa67c89 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2500 | 179334 bytes |