Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b666a4f4e4fe136…

MALICIOUS

PDF

Size: 125.7 KB
Created: 2022-06-09 01:17:56 +02:00
Authoring application: persath (via PDF Master 1.0.1)
First seen: 2026-06-17
MD5: 6380ff75a180d8054db11254a3212a75
SHA-1: 29676970d35e935b3d97c2fa08df28365ef9f731
SHA-256: 2b666a4f4e4fe1366cec3ef759cf9cd6ee84ddfe11db5198b978e698569c691a
Risk Score: 94

Machine Learning

  • Nyx PDF Classifier clean score 0.0015

Heuristics 4

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software | medium | PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off0000125e.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x125E
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4