MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. One of these links, http://evacdir.com/, appears to be a download lure. The document body is heavily obfuscated and does not provide clear textual clues, but the presence of numerous external links strongly suggests a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0185
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/?ZG93bmxvYWR8REM5YVdkb2JIeDhNVFkxTkRrNE9URTJNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA&defragmented=headquarted&curses=mann&binocular=Y29yZWwgZHJhdyB4NyBzZXJpYWwgbnVtYmVyIGFuZCBhY3RpdmF0aW9uIGNvZGUgMTE0OQY29
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_001_off00000c23.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xC23 | 120140 bytes |