MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1204.001 Malicious Link
T1566.002 Spearphishing Attachment
The document exhibits characteristics of an advance-fee scam and a browser installation lure. It contains language suggesting a lottery or prize, combined with requirements for parcel delivery, aligning with advance-fee fraud. Furthermore, it prompts the user to install a browser extension or update, a common tactic for credential theft or malware delivery. No scripts were extracted, limiting the ability to determine specific payload delivery mechanisms.
Heuristics 6
-
Recovery secret / private key request critical SE_SECRET_RECOVERY_LUREDocument requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://http/www.sourceforge.net/projects/chromium
- http://https/www.epicbrowser.com/
- http://http/www.hcon.in/downloads.html
- http://http/www.getmantra.com/
- http://www.getmantra.com/download.html
- http://www.getmantra.com/mantra-on-chromium.html
- http://firecat.toolswatch.org/download.html
- http://https/www.whitehatsec.com/aviator/
- http://https/www.torproject.org/projects/torbrowser.html.en
- http://digitalinspiration.com/google-Chrome
- http://www.polymeta.com/
- https://ixquick-proxy.com/
- https://pipl.com/
- http://www.yasni.com/
- http://www.marketvisual.com/
- http://theyrule.net/
- http://www.emailsherlock.com/
- http://www.usersherlock.com/
- http://checkusernames.com/
- http://namechk.com/
- http://knowem.com/
- http://kngine.com/
- http://www.social-searcher.com/
- http://trendsmap.com/
- http://tweetbeep.com/
- http://twiangulate.com/search
- http://nerdydata.com/
- https://search.nerdydata.com/
- https://searchcode.com/
- https://w3dt.net/
- http://www.shodanhq.com/
- http://www.imageraider.com/
- http://datamarket.com/
- http://datamarket.com/topic/list/
- http://addictomatic.com/
- http://search.carrot2.org/stable/search
- http://search.carrot2.org/
- http://project.carrot2.org/download.html
- http://boardreader.com/
- http://omgili.com/
- http://www.sensebot.net/
- http://www.whostalkin.com/
- http://mentionmapp.com/
- http://socialcollider.net/
- http://www.geochirp.com/
- http://beta.twitterfall.com/
- https://meanpath.com/
- http://serversniff.net/
- https://search.nerdydata.com/images
- http://www.freebase.com/
+325 more URL(s)
Open this report in the interactive analyzer, or submit your own file for analysis.