Malware Insights
The PDF document contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting an attempt to direct users to potentially malicious websites. One of the primary links, http://evacdir.com/RGVncmVtb250IFdhdGVyIFRyZWF0bWVudCBIYW5kYm9vayA3dGggRWRpdGlvbiBQZGYRGV.bouwmeester/kalinda.ghalib/gradresumes.ZG93bmxvYWR8YWU0WkRWaWNYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.matchday.minho.crooked, is particularly suspicious due to its encoded nature and length. The document body is heavily obfuscated and does not provide clear textual lures.
Machine Learning
- Nyx PDF Classifier clean score 0.0280
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: http://evacdir.com/RGVncmVtb250IFdhdGVyIFRyZWF0bWVudCBIYW5kYm9vayA3dGggRWRpdGlvbiBQZGYRGV.bouwmeester/kalinda.ghalib/gradresumes.ZG93bmxvYWR8YWU0WkRWaWNYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.matchday.minho.crooked
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00001a4f.bin (a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4) | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A4F | 120140 bytes |