MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of external links, many of which point to other PDFs, suggesting a link farm designed to distribute malicious content. The heuristic 'SE_PASSWORD_ARCHIVE_LURE' indicates that the document likely instructs users to provide a password for an archive, a common tactic to bypass security filters. The presence of numerous SEO-optimized PDF links further supports the conclusion that this document is part of a distribution campaign.
Machine Learning
- Nyx PDF Classifier clean score 0.0284
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LUREDocument gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://evacdir.com/goad/aurelia/broomstick/RW5nbGlzaCBJcyBFYXN5IENoZXRhbmFuZCBTaW5naCBCb29rIFBkZgRW5&civic/shaya/ZG93bmxvYWR8YmEwYm13eWJYeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA&sportground.citrin
- http://babussalam.id/?p=8386
- http://template-education.com/?p=4304
- https://demoforextrading.com/wp-content/uploads/2022/06/password_simcity_5_keygen_txt_stock.pdf
- https://darblo.com/wp-content/uploads/2022/06/Bmw_Diagnostic_Head_Emulator_V12.pdf
- https://skatesquad.com/upload/files/2022/06/MW3J1sYhW7g3cJgOwTkz_12_bae52bb2740ff727485c5bb20ce4048b_file.pdf
- https://arabistgroup.com/wp-content/uploads/2022/06/davored.pdf
- http://www.kotakenterprise.com/wp-content/uploads/2022/06/Vladimir_Putin_Style_LINK_Free_Download.pdf
- https://rko-broker.ru/2022/06/12/email-hacker-pro-v346-activation-code-full/
- https://asuperlist.com/wp-content/uploads/2022/06/Conuter_Strike_Break_Through_Edition_Remake_23_CS_Xtreme_Gol.pdf
- https://tecnoviolone.com/wp-content/uploads/2022/06/brh_devanagari_rn_fontrar.pdf
- https://ebs.co.zw/advert/ivt-bluesoleil-10-0-496-1-multilingual-fix-sadeempc-zip-serial-key-keygen/
- https://b-labafrica.net/2011-true-cafe-5-1-crack-hot/
- http://bookmanufacturers.org/karaoke-5-42-7
- https://texvasa.com/wp-content/uploads/2022/06/Wp_Menu_Cart_Pro_Nulled_13.pdf
- http://www.medvedy.cz/hd-online-player-frozen-2-full-movie-hd-torrent-free/
- https://dolneoresany.fara.sk/advert/digidna-imazing-2-5-4-crack-with-activation-code-patched/
- http://yotop.ru/2022/06/12/shri-guru-charitra-in-marathi-pdf-free-free-18/
- https://gitess.com/wp-content/uploads/2022/06/Buku_Bahasa_Jawa_Kelas_4_Sd_Bse_35.pdf
- https://yaapoo.com/upload/files/2022/06/OwDUYGzX7kVByxNHWz5U_12_bae52bb2740ff727485c5bb20ce4048b_file.pdf
- https://moonrivernursingcareers.com/wp-content/uploads/2022/06/maimany.pdf
- http://www.tcpdf.org
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00001238.bina217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1238 | 120140 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.