SUSPICIOUS
Risk Score: 44
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF document contains numerous embedded URLs, with http://dogmaindia.com/ being the most prominent. The heuristic 'SE_LOLBIN_RUN_COMMAND' suggests the presence of commands within the document text, potentially for executing malicious actions or redirecting users. The document body itself is heavily obfuscated, making it difficult to determine a precise user-facing lure. The primary attack pattern appears to be directing users to external sites.
Machine Learning
- Nyx PDF Classifier clean score 0.0007
Heuristics 3
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: http://dogmaindia.com/ (PDF link annotation)