Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The PDF document contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. One of these links, http://evacdir.com/tunable/QXN0ZXJpeCBFIE9iZWxpeCAtIE1pc3NhbyBDbGVvcGF0cmEgKER1YmxhZG8pLmF2aQQXN/ZG93bmxvYWR8U0Y3Wm0xMllYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?reconfiguring=befringes.elapsing, is flagged as an external URI. The presence of a link farm suggests an attempt to redirect users to malicious websites or download further payloads.
Machine Learning
- Nyx PDF Classifier clean score 0.0203
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/tunable/QXN0ZXJpeCBFIE9iZWxpeCAtIE1pc3NhbyBDbGVvcGF0cmEgKER1YmxhZG8pLmF2aQQXN/ZG93bmxvYWR8U0Y3Wm0xMllYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?reconfiguring=befringes.elapsing
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off000010e6.bin 238e9c059c23132246e933a81ac501b1009b281c7872984817b5d76e9598d5bc | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10E6 | 120304 bytes |