MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK
- T1204.002 Malicious File
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF document contains a link farm designed to trick users into downloading files, with one heuristic specifically flagging a remote-support tool lure. The embedded URL 'http://raisengine.com/ZG93bmxvYWR8eXQ5TVRSeGMzeDhNVFkxTmpjM01UZ3hPSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?enthuse=inflammables=spectrum=littoral=ZmluYWwgZHJhZnQgOCBzZXJpYWwga2V5Z2VuIGFuZCBjcmFjawZml' is likely a payload delivery mechanism. The document body was unreadable, preventing a more detailed analysis of the lure.
Machine Learning
- Nyx PDF Classifier clean score 0.0187
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Remote-support tool lure (high, SE_REMOTE_SUPPORT_LURE): Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect; high-risk in an unsolicited document.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://raisengine.com/ZG93bmxvYWR8eXQ5TVRSeGMzeDhNVFkxTmpjM01UZ3hPSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?enthuse=inflammables=spectrum=littoral=ZmluYWwgZHJhZnQgOCBzZXJpYWwga2V5Z2VuIGFuZCBjcmFjawZml