PDF static analysis report

Static analysis result for SHA-256 04609c4efe756b6c…

SUSPICIOUS

PDF

Size: 119.9 KB
Created: 2022-07-04 05:38:47 +00:00
Authoring application: kaimagu (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: abfcdf5fbbc2b47c455815db28885800
SHA-1: d634e74edb6e12c0c56aa1064fde231466430f2c
SHA-256: 04609c4efe756b6c9ff1e90f075228e3eba1ba5baa3cca1cc86b48f390c1e482
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple heuristics indicating it is a lure for cracked software. It embeds external URLs, one of which is specifically flagged as advertising cracked software. The primary URL, http://find24hs.com/egret/impresser/..., likely serves as a download redirector for the advertised pirated software.

Machine Learning

  • Nyx PDF Classifier clean score 0.0090

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium; rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://find24hs.com/egret/impresser/?paean=ZG93bmxvYWR8ZUo1T0dOeWEzeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.seroconverter.UGVyZmVjdERpc2sgSG9tZSBQcmVtaXVtUGV.cavernous PDF link annotation