SUSPICIOUS
34
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains numerous embedded URLs that advertise cracked software, indicating a lure for users seeking pirated applications. One specific URL, http://emailgoal.com/TGliRW5nc2FzTGl/headwind/ZG93bmxvYWR8ZG40Tm1ab05IeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.fujifilm.juggler=orotina&quilters=alledged, appears to be a direct download link for a payload. The presence of multiple cracked software links strongly suggests a malicious intent to distribute malware or lead users to malicious sites.
Machine Learning
- Nyx PDF Classifier clean score 0.0051
Heuristics 3
-
PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LUREPDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://emailgoal.com/TGliRW5nc2FzTGl/headwind/ZG93bmxvYWR8ZG40Tm1ab05IeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.fujifilm.juggler=orotina&quilters=alledged PDF link annotation
- https://uglybear90.com/wp-content/uploads/2022/07/brygar.pdfIn PDF document text
- https://homeimproveinc.com/pomodairo-crack-registration-code-free-latest-2022/In PDF document text
- https://www.theblender.it/pixelshift-to-dng-0-9-12-crack-free-license-key/In PDF document text
- http://www.louxiran.com/verity-crack-pc-windows/In PDF document text
- https://arlingtonliquorpackagestore.com/opengl-light-crack-free-pc-windows/In PDF document text
- https://www.cashptdirectory.com/wp-content/uploads/2022/07/RAMRush_Crack__With_License_Code_Free_For_Windows_2022.pdfIn PDF document text
- https://mandarinrecruitment.com/system/files/webform/diamond.pdfIn PDF document text
- https://ithinksew.net/advert/microsoft-hpc-pack-2008-and-hpc-pack-2008-r2-tool-pack-crack-activation-code-download/In PDF document text
- http://madshadowses.com/upsecrypt-formerly-ultimate-password-tool-x64/In PDF document text
- https://kramart.com/clean-education-stock-icons-crack/In PDF document text
- https://alumbramkt.com/seequencer-with-license-key-for-pc/In PDF document text
- http://www.purimlabcoats.net/wp-content/uploads/2022/07/berwchar.pdfIn PDF document text
- https://www.cameraitacina.com/en/system/files/webform/feedback/antismoke.pdfIn PDF document text
- https://lookup-ministries.com/2022/07/04/ms-word-extract-data-and-text-from-multiple-word-documents-crack-free-x64-updated-2022/In PDF document text
- https://plans4creativewoodworking.com/robotill-crack-activator-download-for-windows-march-2022/In PDF document text
- https://www.brookfield.k12.ct.us/sites/g/files/vyhlif4196/f/pages/advocacy_letter_from_brookfield_public_schools.pdfIn PDF document text
- https://www.eventogo.com/clockwatch-pro-crack-win-mac-updated-2022/In PDF document text
- https://www.cashptdirectory.com/wp-content/uploads/2022/07/RAMRush_Crack__WitIn PDF document text
- https://ithinksew.net/advert/microsoft-hpc-pack-2008-and-hpc-pack-2008-r2-tool-In PDF document text
- https://lookup-ministries.com/2022/07/04/ms-word-extract-data-and-text-from-In PDF document text
- https://plans4creativewoodworking.com/robotill-crack-activator-download-for-In PDF document text
- https://www.brookfield.k12.ct.us/sites/g/files/vyhlif4196/f/pages/advocacy_letter_froIn PDF document text
- https://www.careers.ox.ac.uk/system/files/careers/webform/add-email-address.pdfIn PDF document text
- https://www.colorado.edu/ansethgroup/sites/default/files/webform/pwnsoft-launch.pdfIn PDF document text
- http://quinonsvou.yolasite.com/resources/MRV-Code39MA-Free-Full-Product-Key-Download-Updated.pdfIn PDF document text
- http://www.tcpdf.orgIn PDF document text
- https://www.colorado.edu/ansethgroup/sites/default/files/webform/pwnsoft-In PDF document text
- http://quinonsvou.yolasite.com/resources/MRV-Code39MA-Free-Full-Product-Key-In PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://www.aiim.org/pdfa/ns/extension/In PDF document text
- http://www.aiim.org/pdfa/ns/schema#In PDF document text
- http://www.aiim.org/pdfa/ns/property#In PDF document text
- http://www.aiim.org/pdfa/ns/id/In PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.