Malicious PDF — malware analysis report

Static analysis result for SHA-256 1dc93d703f79fcdb…

MALICIOUS

PDF

Size: 115.6 KB
Created: 2022-09-12 00:33:53 +00:00
Authoring application: uluzily (via PDF Master 1.0.1)
First seen: 2026-05-30
MD5: 9d784623a47540f48454360ca56b1fd0
SHA-1: cbc9554cc2389710380ea4735be3d6540008162b
SHA-256: 1dc93d703f79fcdba097ca1dadee8c91dee971ca7966e2100741ae0948993d20
Risk Score: 74

Machine Learning

  • Nyx PDF Classifier clean score 0.0009

Heuristics 4

  • Cracked-software lure uses download-gateway redirectors [high] PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software [medium] PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00001fbc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FBC | 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000a7a8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7A8 | 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261