Malicious PDF — malware analysis report

Static analysis result for SHA-256 08d520b39c67dfc6…

MALICIOUS

PDF

Size: 145.5 KB
Created: 2022-07-04 05:03:38 +00:00
Authoring application: malbird (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: fbc778d18878529d7d073ba056e55ce0
SHA-1: 6d6c8e40cfbccd19c9ceedd6d64a587582877e4c
SHA-256: 08d520b39c67dfc67ff8f0075122c4755610f664e857f26ec5304efe2ff4ed24
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, many of which advertise cracked software, indicating a lure for users seeking pirated applications. One of the embedded URLs, http://bestentrypoint.com/creaturehood/Q2FuZHlDYW5lcyBTY3JlZW4gU2F2ZXIQ2F/richmond/forking/carsten.levox?&ours=ZG93bmxvYWR8cXg4TjJwMlpueDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA, is likely a download URL for a second-stage payload. The PDF structure and link farm suggest a malicious document designed for distribution.

Machine Learning

  • Nyx PDF Classifier clean score 0.0059

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software [medium] (PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] (PDF_URI)
    PDF contains an external URL action.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://bestentrypoint.com/creaturehood/Q2FuZHlDYW5lcyBTY3JlZW4gU2F2ZXIQ2F/richmond/forking/carsten.levox?&ours=ZG93bmxvYWR8cXg4TjJwMlpueDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA
    • https://hestur.se/upload/files/2022/07/GZiHnKbwwaql2hlE1e16_04_aeb31801935f15b8e5ac45c233050c4c_file.pdf
    • https://song-signs.com/dos-modplayer-crack-lifetime-activation-code-download/
    • http://protondigital.xyz/?p=1211
    • https://www.gifmao.com/wp-content/uploads/2022/07/PaintFX__Crack__For_PC_Final_2022.pdf
    • https://honorrolldelivery.com/wp-content/uploads/2022/07/SPEEDbit_Video_Downloader_and_Converter.pdf
    • https://social.mactan.com.br/upload/files/2022/07/iBSarbA2cGsucNavA6ex_04_aeb31801935f15b8e5ac45c233050c4c_file.pdf
    • https://immense-tor-69704.herokuapp.com/BirdData.pdf
    • https://ninja-hub.com/mahtweets-1-5-2-crack-torrent-activation-code-download/
    • http://feelingshy.com/ovulation-calc-for-windows-8-activation-key-download-win-mac/
    • https://technospace.co.in/upload/files/2022/07/9p159SAAJ6J4CczIRdMM_04_aeb31801935f15b8e5ac45c233050c4c_file.pdf
    • https://dd-school.com/wp-content/uploads/2022/07/litedb_explorer_crack__registration_code.pdf
    • http://www.medvedy.cz/wp-content/uploads/Diagram_Ring.pdf
    • http://www.bigislandltr.com/wp-content/uploads/2022/07/Quick_Ping_Monitor_IPV6.pdf
    • https://cashonhomedelivery.com/health-care/media-preview-crack-latest/
    • https://empoweresports.com/db-organizer-deluxe-registration-code-latest-2022/
    • https://walter-c-uhler.com/wp-content/uploads/2022/07/Free_Image_To_PDF_Converter__Crack___Free.pdf
    • https://smartbizad.com/advert/colorcab-crack-with-license-key-free-download-2022-new/
    • https://vedgeing.com/wp-content/uploads/2022/07/Geosoft_Desktop_Cataloger__Crack__Activation_Code_For_Windows_Updated.pdf
    • https://pacific-wave-35450.herokuapp.com/BASIC256_Portable.pdf
    • https://hestur.se/upload/files/2022/07/GZiHnKbwwaql2hlE1e16_04_aeb31801935f15b8e5ac45c233050c4c_file.p
    • https://social.mactan.com.br/upload/files/2022/07/iBSarbA2cGsucNavA6ex_04_aeb31801935f15b8e5ac45c23305
    • https://technospace.co.in/upload/files/2022/07/9p159SAAJ6J4CczIRdMM_04_aeb31801935f15b8e5ac45c233050c
    • https://vedgeing.com/wp-
    • http://epprovday.yolasite.com/resources/Video-Surveillance-WebCam-Software-Basic-4-Camera-System--Crack-Torrent-Free-Download-2022Latest.pdf
    • http://www.tcpdf.org
    • http://epprovday.yolasite.com/resources/Video-Surveillance-WebCam-Software-Basic-4-Camera-System--Crack-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
    • http://epprovday.yolasite.com/resources/video-surveillance-webcam-software-basic-4-camera-system--crack-torrent-free-download-2022latest.pdf