PDF static analysis report

Static analysis result for SHA-256 11ee9ee4ed4e7c4c…

SUSPICIOUS

PDF

Size: 119.3 KB
Created: 2022-07-07 20:17:53 +00:00
Authoring application: damdall (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 446f95030e52eea3869939264dbf5570
SHA-1: bcc18db165d00c68f91658f610f9127ded6adeef
SHA-256: 11ee9ee4ed4e7c4c7be8b875539df0784ccbbbe2687b1ace2c5e62491862bac7
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

Heuristics indicate that the PDF document advertises cracked software, with multiple links pointing to such content. One of the embedded URIs, http://rocketcarrental.com/alrighty/annoyingly/empathized&WmF2b2xpIEJvbGVzdCBTdm9qdSBQZGYgMTMWmF/ZG93bmxvYWR8ZTdzTTJGa2FueDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/captured.hazing, is likely a download link for a malicious payload. The document's purpose appears to be distributing malware disguised as cracked software.

Machine Learning

  • Nyx PDF Classifier clean score 0.0149

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://rocketcarrental.com/alrighty/annoyingly/empathized&WmF2b2xpIEJvbGVzdCBTdm9qdSBQZGYgMTMWmF/ZG93bmxvYWR8ZTdzTTJGa2FueDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/captured.hazing PDF link annotation