MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The PDF document contains a heuristic firing for a large number of external links, suggesting a link farm or SEO poisoning attempt. One of the embedded URLs, http://evacdir.com/mangula/..., is particularly suspicious and likely serves as a download point for a second-stage payload. The document also exhibits characteristics of a password-protected archive lure, indicating an attempt to bypass security controls.
Machine Learning
- Nyx PDF Classifier clean score 0.0161
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LUREDocument gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://evacdir.com/mangula/ZG93bmxvYWR8TWI2TWpnMlpueDhNVFkxTkRZME16TTFNSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?cronin.controvesery.RW5jcnlwdGlvbiBXaXphcmQRW5.lats
- http://huntingafrica.org/wp-content/uploads/2022/06/janejayc.pdf
- http://www.giffa.ru/communicationsvideo-conferencing/wondershare-ppt-to-video-4-6-0-crack-latest-2022/
- https://unmown.com/upload/files/2022/06/cn5FNIGD14yCD9or7LOP_08_7b9d3bbcf9560deca76738de7efc9eaa_file.pdf
- https://firmateated.com/wp-content/uploads/2022/06/Numismatist_039s_Notebook_II_Crack_For_PC_Latest_2022.pdf
- https://www.lichenportal.org/cnalh/checklists/checklist.php?clid=15814
- http://fotoluki.ru/?p=3735
- https://www.realteqs.com/teqsplus/upload/files/2022/06/DwnUJmObXKiZsvjfFdMq_08_de5de3803fecf3994d3f85c4fd7f9119_file.pdf
- https://donin.com.br/advert/pixel-fx-designer-10-50-14-crack-product-key-free-download/
- https://www.intermountainbiota.org/portal/checklists/checklist.php?clid=70601
- https://ihunt.social/upload/files/2022/06/QiAwfKBtPVZV7m2dash7_08_7b9d3bbcf9560deca76738de7efc9eaa_file.pdf
- https://www.techclipse.com/bartender-express-measurement-calculator-crack-download-mac-win-latest/
- https://csermoocf6ext.blog/wp-content/uploads/2022/06/directory_lister.pdf
- http://pi-brands.com/wp-content/uploads/2022/06/WinVDR_Pro.pdf
- http://al-resalh.com/?p=9651
- https://vendredeslivres.com/wp-content/uploads/2022/06/zopjami.pdf
- http://taifsn.com/lender/massive-unzip-activation-code-with-keygen-latest-2022/
- http://al-resalh.com/?p=9653
- https://vee.red/upload/files/2022/06/4NrsZMoZpJJlEj3ePWR5_08_de5de3803fecf3994d3f85c4fd7f9119_file.pdf
- https://www.mesologiehetgooi.nl/?p=7781
- https://www.realteqs.com/teqsplus/upload/files/2022/06/DwnUJmObXKiZsvjfFdMq_08_de5de3803fecf3994d3f85c4fd7f9119
- https://serv.biokic.asu.edu/neotrop/plantae/checklists/checklist.php?clid=21357
- http://www.tcpdf.org
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off00002902.bina217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2902 | 120140 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.