MALICIOUS
Risk Score: 90
Heuristics: 4
- OOXML external relationship targets a free/throwaway TLD (severity: high, OOXML_EXTERNAL_REL_FREE_TLD)
  Document has an external relationship whose target host is on a free, no-registration TLD (Freenom .ml/.ga/.cf/.gq/.tk). Legitimate business documents do not link out to a Freenom throwaway domain; these are a near-zero-FP phishing / BEC delivery tell (e.g. an RFQ/invoice lure pointing at 'shareddocuments.ml/RFQ'). The relationship may be a hyperlink, a remote template, or an external OLE object.
- Remote-support tool lure (severity: high, SE_REMOTE_SUPPORT_LURE)
  Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document.
- External hyperlinks (4531) (severity: low, OOXML_EXTERNAL_HYPERLINKS)
  Document contains 4531 external hyperlinks — clickable URLs are stored as external relationships. First target: http://nhansudaihoi13.org/
- Embedded URL (severity: info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://github.com/didikw/hashbd/blob/main/apt-hosts (in document text: OOXML body / shared strings)