Malicious PDF — malware analysis report

Heuristics 3

• Invisible/repeated PDF links deliver payload file critical PDF_REPEATED_PAYLOAD_LINK_LURE
  PDF uses invisible link annotations and points to a direct payload download. Repeated invisible links or lure-like payload names such as document/unlock/verify archives match malware-delivery PDF carriers where the page is only a prompt and the real payload is fetched from the linked URL.
• Fake invoice / payment lure low SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://completespcr.site/Amended-Sales-Tax-Return-Missouri/pdf/copycentralga.com

  • http://completespcr.site/Amended-Sales-Tax-Return-Missouri/doc/copycentralga.com
  • https://copycentralga.com/wp-content/uploads/formidable/2/does-retirement-savings-recommendation-include-home-ownership.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/free-wood-flag-plans.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/eset-email-protection-by-protocol-filtering-is-non-functional.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/charu-c-aggarwal-recommender-systems-pdf.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/customer-satisfaction-survey-industry-standards.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/saxe-coburg-and-gotha-proclamation.pdf
  • https://copycentralga.com/wp-content/uploads/formidable/2/air-pollution-modeling-and-its-application.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.