MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF contains a link farm of SEO-optimized links, with the primary URL pointing to 'evacdir.com'. This suggests a tactic to distribute further malicious content or redirect users to phishing sites. The PDF structure and embedded links indicate a clear attempt to lure users into downloading additional malicious files.
Machine Learning
- Nyx PDF Classifier clean score 0.0206
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/eggy/inimical/paisley?transgression=RnJlZSBWYXN0dSBTaGFzdHJhIEVib29rIERvd25sb2FkcyBWYWFzdHUgQm9va3MgVGVsdWd1IDUzRnJ&kearney=/jonathon.ZG93bmxvYWR8NE5TTlRjd2ZId3hOalUwTnpNd09EZzJmSHd5TlRjMGZId29UU2tnY21WaFpDMWliRzluSUZ0R1lYTjBJRWRGVGww=troller
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00000f66.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xF66 | 120140 bytes |