PDF static analysis report

Static analysis result for SHA-256 1233d655715f67c6…

SUSPICIOUS

PDF

247.0 KB Created: 2022-07-06 02:12:33 +00:00 Authoring application: westdar (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 6dea9cbe105a99943140accb2ea1bc70 SHA-1: a8305578ddb6d0270ad1ce4b654902f794922163 SHA-256: 1233d655715f67c662de8855b21534d21db5a156f37beefbf935a5d0537f3295
34 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains heuristics indicating it is a lure for cracked software, with multiple links to external sites. One of the embedded URLs, http://starsearchtool.com/..., is particularly suspicious and likely serves as a download redirector. No scripts were extracted, but the presence of external links suggests an attempt to trick the user into downloading potentially malicious software.

Machine Learning

  • Nyx PDF Classifier clean score 0.0104

Heuristics 3

  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://starsearchtool.com/dummies/rett/rationalist?ZG93bmxvYWR8ak84TW5scWRueDhNVFkxTnpBMk56RTFOSHg4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk.horacio.packerinsider.YWxmYSBvYmQgY3JhY2sgYXBrYWx PDF link annotation
    • https://infraovensculinary.com/wp-content/uploads/2022/07/compphil.pdfIn PDF document text
    • https://emmviron.com/wp-content/uploads/2022/07/gerris.pdfIn PDF document text
    • http://www.sweethomeslondon.com/?p=In PDF document text
    • https://honorrolldelivery.com/wp-content/uploads/2022/07/wyntcarr.pdfIn PDF document text
    • https://wanaly.com/upload/files/2022/07/FEQRTWbaQ3zNOs2w8C9o_06_325f69df10a5f82429da108c71a427d2_file.pdfIn PDF document text
    • https://kraftur.org/wp-content/uploads/2022/07/HD_Online_Player_Bhaag_Milkha_Bhaag_Movie_In_Hindi_Do.pdfIn PDF document text
    • https://ninarkids.com/wp-content/uploads/2022/07/schailli.pdfIn PDF document text
    • https://rebatecircle.com/wp-content/uploads/2022/07/Dmc_Devil_May_Cry_Fixer_103rar_.pdfIn PDF document text
    • https://ragana.ir/wp-content/uploads/2022/07/CCS_PCWHD_V4114_PIC_C_Compilerrar.pdfIn PDF document text
    • https://geto.space/upload/files/2022/07/4C3iSAjJVjeFINdEl8kB_06_095bda59639330ba77273dd5c002a316_file.pdfIn PDF document text
    • https://bluesteel.ie/wp-content/uploads/2022/07/fsx_demo_time_limit_crackrar.pdfIn PDF document text
    • https://www.an.uy/upload/files/2022/07/MTR1QLJMKtyCS9ziI37l_06_afade98d1bedec1f1fa3783773517a2c_file.pdfIn PDF document text
    • https://www.ptreb.com/sites/default/files/webform/modesant135.pdfIn PDF document text
    • https://rastadream.com/wp-content/uploads/2022/07/Swades_Full_Movie_In_Hindi_Hd_1080p_2012_In_Hindi_BEST.pdfIn PDF document text
    • https://boiling-plateau-28573.herokuapp.com/radlarm.pdfIn PDF document text
    • https://budgetparticipatifnivernais.fr/wp-content/uploads/2022/07/Techies_Script_Dota_2_17.pdfIn PDF document text
    • https://trello.com/c/FYdI3ANW/43-gaia-synthesizer-sound-designer-better-crackIn PDF document text
    • https://janeanzwicker830ph.wixsite.com/inmelnewsco/post/tenorshare-android-data-recovery-4-3-0-0-crack-install-final-nov2015-s-64-bitIn PDF document text
    • https://fch.lisboa.ucp.pt/system/files/webform/w7xle-windows-7-activator-crack.pdfIn PDF document text
    • https://trello.com/c/XkymmGoH/52-siemens-step-7-microwin-v40-fullrar-bestIn PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text