Malicious PDF — malware analysis report

Static analysis result for SHA-256 de7d9ff6fe45ce3e…

Verdict: MALICIOUS
File type: PDF
Size: 118.9 KB
Created: 2022-07-04 00:42:21 +00:00
Authoring application: terrsch (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: a4c1527fa334c9e20ea3568f2dfe9730
SHA-1: 3810fedf88fba31c8e7159ebd16ac8d8fb0c3904
SHA-256: de7d9ff6fe45ce3e470fe30c89024d1d3c6e06e3a54a60531c2bd7de6545305e
Risk Score: 124

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link
  • T1059.001 PowerShell

The PDF document contains a significant number of external links, identified as a 'PDF_SEO_LINK_FARM'. These links point to various websites, many of which appear to be hosting cracked software or other potentially malicious content. The heuristic 'SE_LOLBIN_RUN_COMMAND' suggests that commands or URLs are embedded within the document text, likely to redirect users to these malicious sites. The presence of multiple external URIs, including one pointing to a raw IP address, reinforces the conclusion that this document is designed to lead users to external, potentially harmful, resources.

Machine Learning

  • Nyx PDF Classifier clean score 0.0144

Heuristics (5)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_LOLBIN_RUN_COMMAND (high): LOLBin token sequence in document text
    Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
  • PDF_URI_IP_LITERAL (medium): Clickable URI points to raw IP address
    PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://mydrugdir.com/ZG93bmxvYWR8Z2MzTVRaMmVueDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?cURleAcUR=/unathletic/danang.delves.palmberry/
    • https://newsafrica.world/2022/07/voice-keyer-crack-with-license-code-for-windows/
    • https://evol.ai/dgex/index.php/advert/segger-systemview-portable-crack-2022-new/
    • https://radiaki.com/?p=6097
    • https://ictlife.vn/upload/files/2022/07/qKEfsgoOa7mj1DnF3lrz_04_2fd9bade0b983b8c809cbbc2e2759736_file.pdf
    • https://trikonbd.com/jpeg-tiff-bmp-to-flv-converter-3000-crack-x64-updated-2022/
    • https://practicea.com/alerts-icons-pack-1-crack-free-download-latest-2022/
    • https://albaganadera.com/wp-content/uploads/2022/07/domhenr.pdf
    • http://climabuild.com/soaptrace-net-crack-free-latest/
    • http://djolof-assurance.com/?p=25485
    • https://www.reperiohumancapital.com/system/files/webform/PdfCrypt.pdf
    • http://3.16.76.74/advert/pfrandomnamesgenerator-activation-key-download-updated-2022/
    • https://chichiama.net/quick-recovery-microsoft-word-pc-windows/
    • https://boldwasborn.com/silverfast-dcpro-studio-2-0-5-free-download-latest/
    • https://zip-favor.ru/wp-content/uploads/2022/07/AVSMeter.pdf
    • https://himoin.com/upload/files/2022/07/oJ9RbAyKLMd5XX5xeZNU_04_39080837e103bcf2f352ed27fb6892ca_file.pdf
    • https://naamea.org/upload/files/2022/07/1CjoEMOqFYk5WqIbuofn_04_2fd9bade0b983b8c809cbbc2e2759736_file.pdf
    • https://studygoodenglish.com/course/blog/index.php?entryid=2759
    • https://ictlife.vn/upload/files/2022/07/qKEfsgoOa7mj1DnF3lrz_04_2fd9bade0b983b8c809cbbc2e2759
    • https://himoin.com/upload/files/2022/07/oJ9RbAyKLMd5XX5xeZNU_04_39080837e103bcf2f352ed27f
    • https://naamea.org/upload/files/2022/07/1CjoEMOqFYk5WqIbuofn_04_2fd9bade0b983b8c809cbbc2e
    • https://platform.blocks.ase.ro/blog/index.php?entryid=7578
    • https://neutranreroma.wixsite.com/usmisuto/post/tutu-flv-to-wmv-converter-crack-with-registration-code-free
    • https://politicalscience.unt.edu/system/files/webform/nsf-reu/2022/applications/Relay-Client.pdf
    • http://www.tcpdf.org
    • https://neutranreroma.wixsite.com/usmisuto/post/tutu-flv-to-wmv-converter-crack-with-registration-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/