Malicious PDF — malware analysis report

Static analysis result for SHA-256 191bd9e7e51d96a3…

MALICIOUS

PDF

Size: 127.0 KB
Created: 2022-06-09 02:27:59 +02:00
Authoring application: odelhiri (via PDF Master 1.0.1)
First seen: 2026-06-22
MD5: 01db5915ca294a04d205e55caf7fd8a4
SHA-1: 5f578ad7f8e8626ec331baf1654a2abade82a032
SHA-256: 191bd9e7e51d96a35de715fe852a5334d1a1ba963bad0cc659737b6cce5d36c4
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0234

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/sherin/alkalize/retracted.U2Fwb290IDcyMHAgaGQgbW92aWUgZG93bmxvYWQU2F?hooted=ZG93bmxvYWR8bkI0TVhCdWIzeDhNVFkxTkRjek1EZzRObng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off00001199.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1199
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4