Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMAND
  Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://evacdir.com/ZG93bmxvYWR8cW0xTlcwNFpueDhNVFkxTkRjNE1EazBNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/elmhurst.lamps/grayscale.membrane?osteoarthritic=relates.Q20gUmVsaWVmIEZ1bmQgVGVsYW5nYW5hIEFwcGxpY2F0aW9uIEZvcm0gUGRmIERvd25sb2FkQ20.phantasialand PDF link annotation

  • http://rastadream.com/?p=8693In macro / runtime command snippet
  • https://www.yourfootballshirt.com/wp-content/uploads/2022/06/colharm.pdfIn PDF document text
  • https://www.rentbd.net/icloud-bug-imei-unlocker-v2-0-hot/In PDF document text
  • https://kasujjaelizabeth.com/wp-content/uploads/2022/06/Command__CC_Red_Alert_3.pdfIn PDF document text
  • https://mxh.vvmteam.com/upload/files/2022/06/rcwToTyJlaRMuLQZCFc9_10_4a536484449884552a38375b069fa07d_file.pdfIn PDF document text
  • https://factorybraga.com/wp-content/uploads/2022/06/mechatronics_by_kp_ramachandran_pdf_179.pdfIn PDF document text
  • https://bookland.ma/wp-content/uploads/2022/06/greprom.pdfIn PDF document text
  • http://stroiportal05.ru/advert/free-nfs-underground-2-iso-patch-download-free-full-version-game-with-updating/In PDF document text
  • https://fightfortransparencysociety.org/wp-content/uploads/2022/06/Glass_Eye_2000_HOT_Crack_2013.pdfIn PDF document text
  • https://mxh.vvmteam.com/upload/files/2022/06/rcwToTyJlaRMuLQZCFc9_10_4a536484449884552a3In PDF document text
  • http://stroiportal05.ru/advert/free-nfs-underground-2-iso-patch-download-free-full-version-game-with-In PDF document text
  • https://fightfortransparencysociety.org/wp-In PDF document text
  • https://nateeselfrowea.wixsite.com/tacountssucas/post/kd-max-torrent-full-version11-betterIn PDF document text
  • http://www.tcpdf.orgIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://www.aiim.org/pdfa/ns/extension/In PDF document text
  • http://www.aiim.org/pdfa/ns/schema#In PDF document text
  • http://www.aiim.org/pdfa/ns/property#In PDF document text
  • http://www.aiim.org/pdfa/ns/id/In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.