PDF static analysis report

Static analysis result for SHA-256 401ef2daae7a3bfb…

SUSPICIOUS

PDF

Size: 111.0 KB
Created: 2022-07-03 16:01:25 +00:00
Authoring application: origoct (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: e6cca0fee54a8cd58e2f41d6650b3240
SHA-1: 847f800704ab48ea32de5515a61e4a2b9fb36935
SHA-256: 401ef2daae7a3bfb1e4726c822d72c6a959550bc2bc7765a86d6343da048452c
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF document contains multiple links to websites advertising cracked software, indicating a lure for users to download potentially malicious applications. One of the embedded URIs, http://signforcover.com/graves/novocaine/disempowerment.polihua/..., is particularly suspicious and likely serves as a download source for a second-stage payload. The document body itself is heavily obfuscated and does not provide direct clues to the user-facing lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0201

Heuristics (3)

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.