Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMAND
  Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://evacdir.com/phish/ZG93bmxvYWR8YXc0Tm5CbU5IeDhNVFkxTkRZME16TTFNSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/puttering.space.stefan.reimbursable.RWFzeSBTY3JlZW4gT0NSRWF?usacurling=improved

  • https://www.pronitron.com/advert/record-anything-crack-with-registration-code/
  • https://fastlocalservices.com/locateip-crack/
  • https://portalnix.com/net-monitor-for-employees-pro-crack/
  • https://epkrd.com/mario-crack-free-win-mac/
  • https://tuinfonavit.xyz/?p=2249
  • http://cannabisrepository.com/wp-content/uploads/2022/06/BartVPN_Crack_With_Product_Key_Free_Download.pdf
  • https://estalink.fun/upload/files/2022/06/ZTnTDS81eG4MYCjQUCwX_08_a2ac8d9ea733565395368634d7ea627d_file.pdf
  • https://hafeztic.com/wp-content/uploads/2022/06/Friend_Bomber_formerly_Facebook_Devil__Crack__Free_X64_Updated.pdf
  • https://zip-favor.ru/bez-rubriki/aya-audio-to-mp3-wma-aac-mp2-wav-ogg-m4a-amr-converter-crack-patch-with-serial-key-for-pc-updated-2022/
  • https://ibipti.com/wp-content/uploads/2022/06/TracerPlus_Connect.pdf
  • https://one97.online/advert/celebrity-model-escort-in-ghaziabad/
  • http://bookmanufacturers.org/reghunter-crack-with-full-keygen-download-final-2022
  • https://boardingmed.com/2022/06/08/canyon-screensaver-crack-with-serial-key-april-2022/
  • http://www.rosesebastian.com/?p=3488
  • https://www.exploreveraguas.com/wp-content/uploads/2022/06/OpenWithView_Crack___Free_Download_April2022.pdf
  • https://koalalauncher.com/wp-content/uploads/2022/06/margra.pdf
  • http://shop.chatredanesh.ir/?p=18409
  • https://corvestcorp.com/wp-content/uploads/2022/06/egohedl.pdf
  • https://northshorerealtysanpancho.com/advert/song-list-generator-129-549-crack-activation-code-download-mac-win/
  • https://monloff.com/isilo-6-3-2-crack-x64-2022-new/
  • https://www.pronitron.com/advert/record-a
  • http://www.tcpdf.org
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://www.aiim.org/pdfa/ns/extension/
  • http://www.aiim.org/pdfa/ns/schema#
  • http://www.aiim.org/pdfa/ns/property#
  • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.