SUSPICIOUS (Risk Score: 34)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains multiple embedded URLs that advertise cracked software, indicating a lure to download potentially malicious applications. One specific URL, http://evacdir.com/banks.RGVscGhpIDEwIFNlYXR0bGUgVW5pcyBDcmFjawRGV/bemoaning.cavernosum/underclothing/internazionale.ZG93bmxvYWR8UnU1Wm1ReGVYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA, appears to be a download link. The heuristic 'PDF_CRACKED_SOFTWARE_LURE' directly supports this finding.
Machine Learning
- Nyx PDF Classifier clean score 0.0280
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL (PDF link annotation): http://evacdir.com/banks.RGVscGhpIDEwIFNlYXR0bGUgVW5pcyBDcmFjawRGV/bemoaning.cavernosum/underclothing/internazionale.ZG93bmxvYWR8UnU1Wm1ReGVYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00001979.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1979 | 120324 bytes |

SHA-256: f12fd99a439a3f7be295b92632335d50aee9e5ef0f0423cab394b3572c156229