MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. One of these links, http://evacdir.com/ferries.gunpoint.ZG93bmxvYWR8YWc2TjNWcE9YeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.QnVsbHNIaXQgQ29udmVydGVyIFVsdGltYXRlQnV/?jerramy=telephoto, is flagged as suspicious. The presence of a link farm suggests an attempt to direct users to potentially malicious or deceptive content, aligning with phishing or SEO abuse tactics.
Machine Learning
- Nyx PDF Classifier clean score 0.0079
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://evacdir.com/ferries.gunpoint.ZG93bmxvYWR8YWc2TjNWcE9YeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.QnVsbHNIaXQgQ29udmVydGVyIFVsdGltYXRlQnV/?jerramy=telephoto
- https://powerful-atoll-35603.herokuapp.com/DCBass_Source_Mod.pdf
- https://www.selby.gov.uk/system/files/webform/hanskal776.pdf
- http://dummydoodoo.com/?p=18872
- https://center-ekb.ru/?p=3866
- https://lorainelindsay.com/wp-content/uploads/2022/07/Object_Oriented_C.pdf
- http://ubipharma.pt/?p=37583
- http://discoverlosgatos.com/?p=17538
- https://mevoydecasa.es/zoom-business-edition-crack-free-latest-2022/
- https://www.sosho.pk/upload/files/2022/07/FqC6lZ5rU7Vczzu34XWZ_04_5be8da713a3e1213062b9f5882906a40_file.pdf
- https://hoponboardblog.com/2022/07/heredis-2-42-crack-pc-windows-latest/
- http://www.defensores.legal/wp-content/uploads/2022/07/Network_Diagnostic_Tool.pdf
- https://marketstory360.com/news/45796/habitlab-lifetime-activation-code-mac-win-2022/
- https://rhea-recrutement.com/wp-content/uploads/2022/07/Try_GDI_Crack__With_Keygen_Download_MacWin.pdf
- https://www.careion.be/sites/default/files/webform/File-Destroyer.pdf
- https://www.voyavel.it/penyuusb-crack-lifetime-activation-code-free-for-windows-april-2022/
- https://maple-toonie-59122.herokuapp.com/Mywe_File_manager.pdf
- https://songgiatri.com/image/herzygf.pdf
- http://host64.ru/rsa-key-generator-crack-incl-product-key-win-mac-latest-2022/
- https://www.sosho.pk/upload/files/2022/07/FqC6lZ5rU7Vczzu34XWZ_04_5be8da713a3e1213062b9f5
- https://rhea-recrutement.com/wp-
- https://social111.s3.amazonaws.com/upload/files/2022/07/1Sdk9oTbhhdEmtP8tsc1_04_5be8da713a3e1213062b9f5882906a40_file.pdf
- https://danlimiddhalisy.wixsite.com/inlavedast/post/ogg-vorbis-acm-codec-crack-free-32-64bit-2022-latest
- http://www.tcpdf.org
- https://social111.s3.amazonaws.com/upload/files/2022/07/1Sdk9oTbhhdEmtP8tsc1_04_5be8da713a3
- https://danlimiddhalisy.wixsite.com/inlavedast/post/ogg-vorbis-acm-codec-crack-
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_011_off0001a122.bindf221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A122 | 119072 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.