Malicious PDF — malware analysis report

Static analysis result for SHA-256 011e4a85bea8c95f…

MALICIOUS

PDF

Size: 140.0 KB
Created: 2022-07-18 23:45:17 +00:00
Authoring application: jamedmo (via PDF Master 1.0.1)
First seen: 2026-05-28
MD5: fac401426adf1db9f7766a84cf7a3ff3
SHA-1: 998fe5cab33bd9ee19fec812b2992a83b12e7a82
SHA-256: 011e4a85bea8c95fa212b7b940ad537248e3cc6967ebd1fbf395a84eaa072dad
Risk Score: 74

Machine Learning

  • Nyx PDF Classifier clean score 0.0006

Heuristics 4

  • Cracked-software lure uses download-gateway redirectors (severity: high; rule: PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software (severity: medium; rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000298e.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x298E
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • Filename: font_01_sfnt_off0000b17a.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB17A
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261