Malicious PDF — malware analysis report

Static analysis result for SHA-256 011f6669b327c271…

MALICIOUS

PDF

Size: 126.4 KB
Created: 2022-07-28 12:09:26 +00:00
Authoring application: balfor (via PDF Master 1.0.1)
First seen: 2026-05-27
MD5: f424260d8eef1e347c7fa4fbf67825e6
SHA-1: 04ce8c75f9fc1adff6d854ca59afaab6f15a1c0e
SHA-256: 011f6669b327c271f33e9d1371cb22a633084a06d9883753663ed030f5b9e9b8
Risk Score: 74

Machine Learning

  • Nyx PDF Classifier clean score 0.0008

Heuristics 4

  • Cracked-software lure uses download-gateway redirectors [high] PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software [medium] PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_009_off00018af4.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x18AF4
    Size: 119072 bytes
    SHA-256: df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7
  • font_00_sfnt_off00000fa5.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFA5
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off00009791.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x9791
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261