Malware Insights
The PDF contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection scheme. One prominent URL, http://evacdir.com/firework.equifax?guiness=R2VvbWV0cmlhRGVzY3JpcHRpdmFOYWthbXVyYVBkZgR2V/prancer&dyskinesia=ZG93bmxvYWR8RXY3TmpBMU1IeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA, is directly embedded and likely serves as a distribution point for malicious content. The document body is heavily obfuscated and does not provide clear textual lures.
Machine Learning
- Nyx PDF Classifier clean score 0.0203
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://evacdir.com/firework.equifax?guiness=R2VvbWV0cmlhRGVzY3JpcHRpdmFOYWthbXVyYVBkZgR2V/prancer&dyskinesia=ZG93bmxvYWR8RXY3TmpBMU1IeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off000015d3.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x15D3 | 120140 bytes |