MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document contains a large number of external links, many of which appear to be SEO-optimized for search engines. The primary malicious URL identified is http://sitesworlds.com/colostrum/.conatin.bW9iaWxlIGNvbXB1dGluZyByYWprYW1hbCAybmQgZWRpdGlvbiBwZGYgZG93bmxvYWQbW9?evasion]=absoluteley=ZG93bmxvYWR8Zms2TVdVMmNYeDhNVFkxTmpjM01UZ3hPSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.glorified, which likely serves as a lure to download further malicious content. The document's structure and content suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0114
Heuristics 3
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://sitesworlds.com/colostrum/.conatin.bW9iaWxlIGNvbXB1dGluZyByYWprYW1hbCAybmQgZWRpdGlvbiBwZGYgZG93bmxvYWQbW9?evasion]=absoluteley=ZG93bmxvYWR8Zms2TVdVMmNYeDhNVFkxTmpjM01UZ3hPSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.glorified