Malware Insights
The PDF document contains a large number of external links, many of which point to other PDF files, indicating a link farm for SEO manipulation. One of the primary URLs extracted, http://evacdir.com/hellas/aqualand.evenness?RGljdGlvbmFyeSBPZiBJZGlvbXMgQW5kIFRoZWlyIE9yaWdpbnMgQnkgRmxhdmVsbCBQZGYgRG93bmxvYWQRGl=shedua/fain=&ZG93bmxvYWR8RjRETW5RMlpIeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=poking, is likely used to distribute malicious content or redirect users to phishing sites. The heuristic 'PDF_SEO_LINK_FARM' strongly suggests this malicious intent.
Machine Learning
- Nyx PDF Classifier clean score 0.2001
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/hellas/aqualand.evenness?RGljdGlvbmFyeSBPZiBJZGlvbXMgQW5kIFRoZWlyIE9yaWdpbnMgQnkgRmxhdmVsbCBQZGYgRG93bmxvYWQRGl=shedua/fain=&ZG93bmxvYWR8RjRETW5RMlpIeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=poking
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00000f16.bin 70003282ec34aefac30b94caee1246840bbab90e19f1422db5c6752a623b1548 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xF16 | 120244 bytes |