MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document contains a large number of external links, many of which are designed to appear as legitimate software download pages, but are in fact part of a link farm. The primary URL, http://xtraserp.com/averatec/..., appears to be a malicious download link. The document's structure and content strongly suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0187
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://xtraserp.com/averatec/ZG93bmxvYWR8amQzTjNOaGFueDhNVFkxTnpFNE5qazFOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk?glazes=opposes&swerve=/Y3JhY2sgYnJpY2tzIG9mIGVneXB0IDIgMzUY3J/thorntree.thermometer