MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The PDF contains a direct link to an executable file, identified by the PDF_DIRECT_PAYLOAD_LINK heuristic. This strongly suggests a malicious intent to deliver a payload. The URL points to 'Paymentslip.exe', indicating a lure related to financial transactions. No scripts were extracted, and the document body was unreadable, but the direct payload link is sufficient evidence for the attack pattern.
Machine Learning
- Nyx PDF Classifier clean score 0.0009
Heuristics 2
-
PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINKPDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jobsbankbd.com/Paymentslip.exe
- https://www.google.com/imgres?imgurl=http://cdn.makeuseof.com/wp-content/uploads/2008/07/pdflogo.png?x92042&imgrefurl=http://www.makeuseof.com/tag/websites-to-publish-share-your-pdfs-online/&docid=za7BAf8vku5gbM&tbnid=sfHzVohKz1kEtM:&vet=10ahUKEwjCsNnkhrfVAhVDSRoKHSfOBoEQMwhNKB4wHg..i&w=256&h=256&bih=637&biw=1366&q=view
Open this report in the interactive analyzer, or submit your own file for analysis.