Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document contains a large number of external links, indicating a potential link farm or redirection to malicious content. One notable URL, http://evacdir.com/dml2YXggZmlybXdhcmUgMTkdml.creamers.benoticeable/chilliwack.ZG93bmxvYWR8dmYxTjJObGQzeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/isas/mihira/muttering, is directly embedded. The PDF structure and the sheer volume of links suggest a tactic to obscure the true malicious intent, possibly for SEO spam or to host further stages of an attack.
Machine Learning
- Nyx PDF Classifier clean score 0.2051
Heuristics (3)
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- http://evacdir.com/dml2YXggZmlybXdhcmUgMTkdml.creamers.benoticeable/chilliwack.ZG93bmxvYWR8dmYxTjJObGQzeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/isas/mihira/muttering
- https://triberhub.com/upload/files/2022/06/fozT2EZfdGblIxqOm2XD_10_10c445056a10bb313e31dc80d14f051d_file.pdf
- https://www.dominionphone.com/wp-content/uploads/2022/06/ToneBoosters_All_Plugins_Bundle_V303_VST_WIN_OSX_Incl_KeyGen.pdf
- https://myfairytale.blog/wp-content/uploads/2022/06/lauana.pdf
- http://www.readbutneverred.com/wp-content/uploads/2022/06/jaynar.pdf
- https://sfinancialsolutions.com/download-komik-tiger-wong-teks-indonesia-install/
- https://setewindowblinds.com/wp-content/uploads/2022/06/FileMaker_Pro_Advanced_1201_Portable.pdf
- https://facenock.com/upload/files/2022/06/L69dImrcPb1C9jeMu3qq_10_10c445056a10bb313e31dc80d14f051d_file.pdf
- http://homeprosinsulation.com/wp-content/uploads/2022/06/flobian.pdf
- https://fraenkische-rezepte.com/wp-content/uploads/2022/06/Dragon_Quest_Monsters_Joker_2_Pro.pdf
- https://www.theblender.it/counter-strike-global-offensive-v1-34-6-0-no-steam-crack-free/
- http://www.skyhave.com/upload/files/2022/06/v6fg9bbGooK4db2Z3fqe_10_adeef31f9ddeafc79287dbeacaf2751a_file.pdf
- https://svistok.org/2022/06/10/ninite-pro-full-crack-150/
- https://www.agrofacil.co/wp-content/uploads/2022/06/brisand.pdf
- https://wakandaplace.com/wp-content/uploads/2022/06/Auto_Mouse_Mover_Registration_Key_Free_Download.pdf
- https://luathoanhao.com/wp-content/uploads/2022/06/Pds_2000_Crack_Full.pdf
- https://myirishconnections.com/wp-content/uploads/2022/06/Crack_MP3_Splitter_Joiner_Pro_5_1_PATCHED.pdf
- https://getinfit.ru/magazine/beckhoff-twincat-2-11-keygenl
- https://entrelink.hk/political/billa-2-cracked-full-movie-hd-1080p-blu-ray-tamil/
- https://www.centerlb.org/wp-content/uploads/2022/06/Train_To_Busan_2_Movie_Hd_720p_Download_NEW.pdf
- https://mentorthis.s3.amazonaws.com/upload/files/2022/06/OfKK4wlNPG5LhfjYQLcZ_10_10c445056a10bb313e31dc80d14f051d_file.pdf
- http://www.tcpdf.org
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off000018ad.bin (a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4) | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x18AD | 120140 bytes |