MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF document contains a large number of external links, indicating a link farm or redirection strategy to distribute malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically flags this behavior, suggesting the document's primary purpose is to drive traffic to external sites. The presence of multiple URLs, including one with a base64 encoded string in its path, supports the conclusion that this is a malicious lure.
Machine Learning
- Nyx PDF Classifier clean score 0.0287
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- http://evacdir.com/.atty.ZG93bmxvYWR8V0g0TVRWM09IZDhmREUyTlRRNU9Ea3hOako4ZkRJMU9EZDhmQ2hOS1NCSVpYSnZhM1VnVzBaaGMzUWdSMFZPWFE.vantage.ayre.garinger.VmlzdWFsIGxhbmQgcHJlc3RpZ2UgN2wgdXNiIGRyaXZlcgVml
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00001220.bin (a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4) | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1220 | 120140 bytes |