MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
T1059.001 PowerShell
The PDF file contains a significant number of external links, with one heuristic specifically identifying it as a 'PDF_SEO_LINK_FARM'. The primary malicious URL, http://evacdir.com/holstein/corresponds/easterners.mason/, is likely used to host or redirect to further malicious content. The document body is heavily obfuscated and does not provide direct clues to the user-facing lure.
Machine Learning
- Nyx PDF Classifier clean score 0.0159
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://evacdir.com/holstein/corresponds/easterners.mason/?YXZhc3QhIEVhc3lQYXNzYXZ=ZG93bmxvYWR8OG9WTmpkcU5IeDhNVFkxTkRZME16TTFNSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA&pixilated=ususally
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_004_off00002a21.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2A21 | 120140 bytes |