PDF static analysis report

Static analysis result for SHA-256 1b391e561f2daa2e…

Verdict: SUSPICIOUS
File type: PDF
Size: 117.9 KB
Created: 2022-07-06 03:27:42 +00:00
Authoring application: danoli (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 73789930a706b862784b48774c181310
SHA-1: 145036ca7c365cfadd44c9fd6c5d4a8a6cc05012
SHA-256: 1b391e561f2daa2e7375aa0c2584cb34c3eaf8306eda329e89559bd18e7de10b
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

Heuristics indicate that the PDF is a link farm advertising cracked software and that it carries external URIs. The one URI reached through a link annotation, http://mydrugdir.com/harlet/compostela?..., is flagged as suspicious. The extracted document text is heavily obfuscated and yields no readable lure copy beyond a download call-to-action, but the many links to cracked-software pages together with the suspicious annotation target point to an intent to route readers to harmful downloads. The PDF itself carries no exploit; the risk lies in the linked destinations.
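To see what the flagged link actually carries, here is an added decoding script (my own example, not the analyzer's code or output). The URL is copied verbatim from the EMBEDDED_URL list further down; the layering it peels apart (a base64 search term as the query key, a base64 tracking blob as the value, and a second base64 blob inside that after a 'download|' prefix) is simply what the bytes decode to, not a documented format, so the field names, the '||' separator and the 10-digit Unix-epoch guess are assumptions, marked as such in the code.

```python
"""Peel the layered base64 out of the flagged mydrugdir.com link.

Added example, not the analyzer's code. FLAGGED_URL is copied from the
report's EMBEDDED_URL list. The layout recovered here (query key = base64
search term, query value = base64 blob holding a second base64 blob after a
'download|' prefix) is what the bytes decode to, not a documented format;
the field names and the epoch guess are assumptions.
"""
import base64
import binascii
import re
import string
from datetime import datetime, timezone
from urllib.parse import urlsplit

FLAGGED_URL = (
    "http://mydrugdir.com/harlet/compostela?"
    "UHMzIEVtdWxhdG9yIDEuMS43IEJpb3MgRnJlZSBEb3dubG9hZAUHM="
    "ZG93bmxvYWR8WUw4TlRJMWQzeDhNVFkxTnpBMk56RTFOSHg4TWpVM05IeDhL"
    "RTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.dasan&procore.defamatory=ilyich"
)

PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{8,}")


def b64_printable(token):
    """Decode the longest base64 substring of `token` that yields printable
    ASCII. It tolerates missing padding, trailing junk (the query key carries
    three stray characters after its payload) and leading junk (the inner
    blob starts with three characters that do not decode cleanly).
    Returns (text, start, end) or (None, 0, 0)."""
    match = B64_RUN.search(token)
    if not match:
        return None, 0, 0
    run = match.group(0)
    for start in range(4):                      # realign to a 4-char boundary
        for end in range(len(run), start + 4, -1):
            chunk = run[start:end]
            if len(chunk) % 4 == 1:             # never a valid base64 length
                continue
            try:
                raw = base64.b64decode(chunk + "=" * (-len(chunk) % 4), validate=True)
                text = raw.decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                continue
            if text and all(c in PRINTABLE for c in text):
                return text, match.start() + start, match.start() + end
    return None, 0, 0


def decode_lure_url(url):
    """Recover the search-term lure and the tracking fields hidden in `url`."""
    query = urlsplit(url).query
    key, _, rest = query.partition("=")
    value = rest.split("&", 1)[0]
    result = {"search_term": b64_printable(key)[0], "outer_prefix": None,
              "fields": [], "epoch_utc": None}
    outer = b64_printable(value)[0]
    if outer:
        result["outer_prefix"], _, blob = outer.partition("|")
        inner = b64_printable(blob)[0]
        if inner:
            result["fields"] = inner.split("||")          # assumed separator
            for field in result["fields"]:
                if field.isdigit() and len(field) == 10:  # assumed Unix epoch
                    result["epoch_utc"] = datetime.fromtimestamp(
                        int(field), tz=timezone.utc).isoformat()
    return result


if __name__ == "__main__":
    for name, value in decode_lure_url(FLAGGED_URL).items():
        print(f"{name}: {value}")
```

Run stand-alone, it recovers the search term "Ps3 Emulator 1.1.7 Bios Free Download" (the piracy query the page is built to rank for), an outer prefix "download", and four pipe-separated tracking fields, one of which is a Unix timestamp for 2022-07-06 00:25:54 UTC, roughly three hours before the PDF's Created timestamp in the header. The second query parameter (procore.defamatory=ilyich) and the ".dasan" suffix are not decoded here. The realignment loop matters: the inner blob does not decode from its first character, and a naive single b64decode call would report it as garbage.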

Machine Learning

  • Nyx PDF Classifier clean score 0.0127

Heuristics (4)

  • PDF link farm advertises cracked/pirated software (medium) PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit; the risk is the linked destinations.
  • Visual download / call-to-action button lure (low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). This is a low-signal finding unless other findings point to a malicious workflow.
  • External URI (info) PDF_URI
    PDF contains an external URL action.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) carried each URL.
    • http://mydrugdir.com/harlet/compostela?UHMzIEVtdWxhdG9yIDEuMS43IEJpb3MgRnJlZSBEb3dubG9hZAUHM=ZG93bmxvYWR8WUw4TlRJMWQzeDhNVFkxTnpBMk56RTFOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.dasan&procore.defamatory=ilyich (PDF link annotation)
    • https://houstonhousepc.com/hd-online-player-rab-ne-bana-di-jodi-full-install-movie-downl/ (in PDF document text)
    • http://seoburgos.com/?p=33708 (in PDF document text)
    • https://queery.org/mediafirecom-unlock-personalizationrar-repack/ (in PDF document text)
    • https://marijuanabeginner.com/wp-content/uploads/2022/07/God_Of_War_3_Pc_Game_Free_Download_Utorrentl.pdf (in PDF document text)
    • http://rsglobalconsultant.com/silvercrest-sws-150-a1-driver-30/ (in PDF document text)
    • http://galaxy7music.com/?p=50918 (in PDF document text)
    • https://formacorp.unilearn.cl/blog/index.php?entryid=4490 (in PDF document text)
    • http://jasminwinter.com/raajneeti-movie-free-download-dubbed-in-hindi/ (in PDF document text)
    • http://www.b3llaphotographyblog.com/recover-keys-enterprise-v7-0-3-84-x86-ml-incl-crack-new-tordigger/ (in PDF document text)
    • https://www.neteduproject.org/wp-content/uploads/telechargermixcraft7aveccrackgratuit.pdf (in PDF document text)
    • http://www.osremanescentes.com/acervo-teologico/kenshi-key-generator-portable/ (in PDF document text)
    • https://bunnsworld.com/wp-content/uploads/2022/07/hesputh.pdf (in PDF document text)
    • https://mycoopmed.net/kerio-control-7-3-2-x64-updated-crack-britney-einladungste/ (in PDF document text)
    • http://noverfood.com/?p=5430 (in PDF document text)
    • http://thebrothers.cl/?p=53935 (in PDF document text)
    • https://braingroom.com/blog/index.php?entryid=4972 (in PDF document text)
    • https://marijuanabeginner.com/wp- (in PDF document text; truncated at a line break, prefix of the marijuanabeginner.com URL above)
    • http://www.b3llaphotographyblog.com/recover-keys-enterprise-v7-0-3-84-x86-ml-incl-crack-new- (in PDF document text; truncated at a line break, prefix of the b3llaphotographyblog.com URL above)
    • http://ricschana.yolasite.com/resources/Autograph-3310-Crack-Extra-Quality.pdf (in PDF document text)
    • https://nastvepumrejarwa.wixsite.com/porneiriwell/post/caldera-rip-software-top-crack-25 (in PDF document text)
    • https://trello.com/c/4A7411NX/82-download-pocket-tanks-deluxe-cracked-repack (in PDF document text)
    • https://wakelet.com/wake/HtIiH4k4_8w6_smJRuchq (in PDF document text)
    • http://www.tcpdf.org (in PDF document text; producer URL from the XMP metadata packet)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text; XMP schema namespace, not a link)
    • http://purl.org/dc/elements/1.1/ (in PDF document text; XMP schema namespace, not a link)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text; XMP schema namespace, not a link)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text; XMP schema namespace, not a link)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text; XMP schema namespace, not a link)
    • http://www.aiim.org/pdfa/ns/extension/ (in PDF document text; XMP schema namespace, not a link)
    • http://www.aiim.org/pdfa/ns/schema# (in PDF document text; XMP schema namespace, not a link)
    • http://www.aiim.org/pdfa/ns/property# (in PDF document text; XMP schema namespace, not a link)
    • http://www.aiim.org/pdfa/ns/id/ (in PDF document text; XMP schema namespace, not a link)
    • http://ricschana.yolasite.com/resources/autograph-3310-crack-extra-quality.pdf (in PDF document text)
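Putting the four heuristics together, the following is an added example (my own code, not the analyzer's) of how those channels can be re-derived from raw PDF bytes: /URI link actions, URLs pulled out of inflated content streams and the XMP packet, filtering of XMP schema namespaces so they do not inflate the link count, and the cracked-software vocabulary test. The input PDF is constructed in memory from the flagged link annotation, a page text holding a call-to-action and five URLs copied from this report, and a typical XMP packet; the vocabulary list, the namespace allow-list, the "at least three lure links" threshold and the minimal PDF layout are my assumptions.

```python
"""Re-derive the report's link-farm findings from raw PDF bytes.

Added example, not the analyzer's code. The input PDF is constructed here so
the script runs offline; rule names come from the report, while the
vocabulary list, the XMP allow-list, the lure threshold and the minimal PDF
layout are my own assumptions.
"""
import re
import zlib

CRACK_WORDS = re.compile(r"crack|keygen|key-generator|serial|warez|repack", re.I)
CTA_WORDS = re.compile(r"click here to download|download now", re.I)
URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")
LURE_THRESHOLD = 3  # assumption; the report only says "many" links
# Schema namespaces every XMP packet declares: metadata noise, not lures.
XMP_NAMESPACES = ("http://www.w3.org/1999/02/22-rdf-syntax-ns#",
                  "http://purl.org/dc/elements/1.1/",
                  "http://ns.adobe.com/", "http://www.aiim.org/pdfa/ns/")

# Constructed sample input: the flagged link annotation, page text with a
# call-to-action and five URLs copied from the report, and an XMP packet.
SAMPLE_LINK = ("http://mydrugdir.com/harlet/compostela?"
               "UHMzIEVtdWxhdG9yIDEuMS43IEJpb3MgRnJlZSBEb3dubG9hZAUHM="
               "ZG93bmxvYWR8WUw4TlRJMWQzeDhNVFkxTnpBMk56RTFOSHg4TWpVM05IeDhL"
               "RTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.dasan&procore.defamatory=ilyich")
SAMPLE_TEXT = (
    "Click here to download "
    "http://www.b3llaphotographyblog.com/recover-keys-enterprise-v7-0-3-84-x86-ml-incl-crack-new-tordigger/ "
    "https://mycoopmed.net/kerio-control-7-3-2-x64-updated-crack-britney-einladungste/ "
    "http://www.osremanescentes.com/acervo-teologico/kenshi-key-generator-portable/ "
    "https://trello.com/c/4A7411NX/82-download-pocket-tanks-deluxe-cracked-repack "
    "http://noverfood.com/?p=5430")
SAMPLE_XMP = (b'<?xpacket begin=""?><x:xmpmeta xmlns:x="adobe:ns:meta/">'
              b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
              b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"'
              b' xmlns:pdf="http://ns.adobe.com/pdf/1.3/"'
              b' xmlns:pdfaExtension="http://www.aiim.org/pdfa/ns/extension/">'
              b'<pdf:Producer>TCPDF (http://www.tcpdf.org)</pdf:Producer>'
              b'</rdf:Description></rdf:RDF></x:xmpmeta><?xpacket end="w"?>')


def build_sample_pdf(body_text, link_uri, xmp):
    """Assemble a minimal one-page PDF (scanner input only; it is not meant
    to render). body_text must not contain unescaped parentheses."""
    content = zlib.compress(("BT /F1 12 Tf 72 720 Td (%s) Tj ET" % body_text).encode("latin-1"))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI ("
        + link_uri.encode("latin-1") + b") >> >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def streams(pdf):
    """Yield each stream body, inflating /FlateDecode ones. Assumes a direct
    /Length value; indirect lengths, other filters and object streams are
    out of scope for this example."""
    for obj in pdf.split(b"endobj"):
        head = re.search(rb"stream\r?\n", obj)
        length = re.search(rb"/Length\s+(\d+)", obj)
        if not head or not length:
            continue
        data = obj[head.end():head.end() + int(length.group(1))]
        if b"/FlateDecode" in obj[:head.start()]:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue
        yield data


def uri_actions(pdf):
    """URIs of /S /URI link actions: the report's 'PDF link annotation' channel."""
    return [m.group(1).decode("latin-1")
            for m in re.finditer(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)", pdf)]


def scan(pdf):
    """Apply the report's rules and return {rule_id: evidence}."""
    findings = {}
    links = uri_actions(pdf)
    if links:
        findings["PDF_URI"] = links                                   # info
    bodies = list(streams(pdf))
    raw = [u.decode("latin-1") for body in bodies for u in URL_RE.findall(body)]
    urls = [u for u in raw if not u.startswith(XMP_NAMESPACES)]
    findings["EMBEDDED_URL"] = urls                                   # info
    findings["xmp_namespace_urls_dropped"] = len(raw) - len(urls)
    lure = [u for u in links + urls if CRACK_WORDS.search(u)]
    if len(lure) >= LURE_THRESHOLD:
        findings["PDF_CRACKED_SOFTWARE_LURE"] = lure                  # medium
    if any(CTA_WORDS.search(body.decode("latin-1")) for body in bodies):
        findings["SE_DOWNLOAD_BUTTON"] = True                         # low
    return findings


if __name__ == "__main__":
    for rule, evidence in scan(build_sample_pdf(SAMPLE_TEXT, SAMPLE_LINK, SAMPLE_XMP)).items():
        print(rule, evidence)
```

On the constructed sample the scanner reports the mydrugdir.com link under PDF_URI, six embedded URLs, four of them matching the cracked-software vocabulary, and the call-to-action phrase; the four XMP namespace declarations (rdf, dc, ns.adobe.com/pdf, aiim.org/pdfa) are dropped before counting. That filter is the practical caveat for the list above: the w3.org, purl.org, ns.adobe.com and aiim.org entries are schema URIs from the metadata packet, and a rule that counts every extracted URL as a link would overstate the farm's size. The tcpdf.org producer URL also comes from metadata but is kept, as the report keeps it, because it is not a namespace declaration.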