Malicious PDF — malware analysis report

Static analysis result for SHA-256 3ddeb7eb891900f2…

MALICIOUS

PDF

Size: 130.3 KB
Created: 2022-06-11 05:44:00 +02:00
Authoring application: eirshan (via PDF Master 1.0.1)
First seen: 2026-06-26
MD5: 363fa01c255aedf63c35a978be6da71c
SHA-1: 1cc6b1bfd3762d4ad1e9e7f9183940f6da97ff4b
SHA-256: 3ddeb7eb891900f2fcd7481b4e940207042ba2289ebedf1a274098b3014d1212
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0020

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off00001240.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1240
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4