MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of external links, indicating a link farm designed to host or distribute malicious content. One of the primary links, http://evacdir.com/larvicide.exisitng?ZG93bmxvYWR8UHg1YUhSbWNYeDhNVFkxTkRrNE9URTJNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk=/guttate/S2luZW1hdGljcyBBbmQgRHluYW1pY3MgT2YgTWFjaGluZXJ5IEJ5IFJsIE5vcnRvbiBTb2x1dGlvbiBNYW51YWwS2l.bronchoscopy&peppery=playwriting, appears to be a download lure. No scripts were extracted, and the document body was unreadable, limiting further analysis.
Machine Learning
- Nyx PDF Classifier clean score 0.0206
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL
- http://evacdir.com/larvicide.exisitng?ZG93bmxvYWR8UHg1YUhSbWNYeDhNVFkxTkRrNE9URTJNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk=/guttate/S2luZW1hdGljcyBBbmQgRHluYW1pY3MgT2YgTWFjaGluZXJ5IEJ5IFJsIE5vcnRvbiBTb2x1dGlvbiBNYW51YWwS2l.bronchoscopy&peppery=playwriting
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00000ec9.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xEC9 | 120140 bytes |