Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of external links, with a specific heuristic firing for a 'PDF_SEO_LINK_FARM'. One of the primary URLs, http://raisengine.com/ZG93bmxvYWR8dFAxWTNBeWIzeDhNVFkxTnpFNE5qazFOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk?enthuse=hypertension=pitcher=littoral=dXNiIGRpc2sgc3RvcmFnZSBmb3JtYXQgdG9vbCBwcm8gY3JhY2sdXN, appears to be a malicious download lure. The presence of numerous links suggests an attempt to distribute malware or redirect users to malicious sites.
Machine Learning
- Nyx PDF Classifier clean score 0.0054
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://raisengine.com/ZG93bmxvYWR8dFAxWTNBeWIzeDhNVFkxTnpFNE5qazFOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk?enthuse=hypertension=pitcher=littoral=dXNiIGRpc2sgc3RvcmFnZSBmb3JtYXQgdG9vbCBwcm8gY3JhY2sdXN