MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious File
The PDF document contains a large number of external links, many of which point to other PDF files or potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external links, suggesting a tactic to distribute malware or phishing content. The primary IOC is the URL http://evacdir.com/chemises/nishayam/hexaniacinate/pleuritis/cumbria?ZG93bmxvYWR8SGsxWWpJM2VIeDhNVFkxTnpFNE5qazFOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk=prfree&S3JhbnRpIDE5ODEgRHZEUmlwIHgyNjQgQUMgMyBNNzc3IE0yVHYS3J=, which is likely used to host or redirect to a malicious payload.
Machine Learning
- Nyx PDF Classifier clean score 0.0452
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/chemises/nishayam/hexaniacinate/pleuritis/cumbria?ZG93bmxvYWR8SGsxWWpJM2VIeDhNVFkxTnpFNE5qazFOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk=prfree&S3JhbnRpIDE5ODEgRHZEUmlwIHgyNjQgQUMgMyBNNzc3IE0yVHYS3J=