SUSPICIOUS
Risk Score: 34
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious Link
Heuristics indicate that the PDF advertises cracked software and includes external URIs. One of the embedded URLs, http://bestsmartfind.com/imbangala/backpressure/..., appears to be a download link. The presence of these elements suggests a lure to download potentially unwanted or malicious software.
Machine Learning
- Nyx PDF Classifier clean score 0.0094
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL http://bestsmartfind.com/imbangala/backpressure/ZG93bmxvYWR8cUUyWTNKeVpueDhNVFkxTmpjeE1qTXdOWHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/cuase/micktom.lipoprotien=misted.VGhlIEp1bmdsZSBCb29rIGJlbmdhbGkgbW92aWUgZG93bmxvYWQgaGQVGh (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_002_off0000175d.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x175D | 123000 bytes | 9d9aa821f7a2cbc22e95fac66811c900afdc6cfb4a8c50ea5360b5035f65afe7 |
| stream_009_off0001c023.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C023 | 119072 bytes | df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7 |