Malicious PDF — malware analysis report

Static analysis result for SHA-256 0112597a10245a9d…

MALICIOUS

PDF

Size: 112.3 KB
Created: 2022-09-11 09:14:41 +00:00
Authoring application: chakael (via PDF Master 1.0.1)
First seen: 2026-05-28
MD5: b67cc3d693f4ecc848bec31ab61ee49f
SHA-1: 4600b15c73af2f87cc95a9b126af932bcd1fdbbb
SHA-256: 0112597a10245a9dbe36fdbc988fa8363e1596b51420afae789189defc15c941
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0012

Heuristics 5

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Cracked-software lure uses download-gateway redirectors [high] (PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software [medium] (PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000014bd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14BD | 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off00009ca9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9CA9 | 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261