PDF static analysis report

Static analysis result for SHA-256 0866c91f0b8c3c36…

SUSPICIOUS

PDF

Size: 131.9 KB
Created: 2022-07-04 01:40:36 +00:00
Authoring application: hamvall (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: dc60fed4af8728a9d2ee373265305a00
SHA-1: 445c723fc3a5ef74555ef254e04891ae37f4043b
SHA-256: 0866c91f0b8c3c3694ee27e19912ca382e71533569ff2217855c5a853aab6e75
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

Heuristics indicate that the PDF advertises cracked software, with multiple links pointing to such sites. One prominent URL, http://starsearchtool.com/..., appears to be a download lure. While no scripts were directly extracted, the PDF structure and embedded URLs suggest a phishing or malware distribution attempt, likely initiated via spearphishing.

Machine Learning

  • Nyx PDF Classifier clean score 0.0066

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://starsearchtool.com/V2luZG93cyBNb3ZpZSBNYWtlciAoV2luZG93cyBMaXZlIE1vdmllIE1ha2VyKQV2l.celiacs=orgeat.chocked?ktts=ZG93bmxvYWR8VlU0TW0xM2RYeDhNVFkxTmpnNU1qTTFNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk (PDF link annotation)