Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
- T1059 Command and Scripting Interpreter
- T1204 Malicious Link
The PDF document contains a large number of external links, many of which point to other PDF files, suggesting a link farm designed to distribute malicious content. One of the embedded URIs, http://evacdir.com/maluna/..., is particularly suspicious and likely serves as a download point for a secondary payload. The PDF_SEO_LINK_FARM heuristic confirms the presence of a mass external PDF link farm.
Machine Learning
- Nyx PDF Classifier clean score 0.2226
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/maluna/ZG93bmxvYWR8ZFk2YVc0M2MzeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/refracts/ermine.ooohh.T25lIFR3byBUaHJlZSBNb3ZpZSBIaW5kaSBEdWJiZWQgTXA0IEhkIERvd25sb2FkT25/plga/steenbok/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00000eb1.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xEB1 | 120140 bytes |