MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF document contains a significant number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The primary URL, http://evacdir.com/crowes/frivolously/..., appears to be a gateway for downloading further content. This suggests the document is designed to redirect users to various potentially malicious resources, likely for malware distribution or phishing.
Machine Learning
- Nyx PDF Classifier clean score 0.0227
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://evacdir.com/crowes/frivolously/ZG93bmxvYWR8YXYyT0RsbGZId3hOalUwTnpNd09EZzJmSHd5TlRjMGZId29UU2tnY21WaFpDMWliRzluSUZ0R1lYTjBJRWRGVGww.WmluZGFnaSBOYSBNaWxlZ2kgRG9iYXJhIEhkIE1wNCBEb3dubG9hZAWml/moncada/quenchers/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00001103.bin a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1103 | 120140 bytes |