PDF static analysis report

Static analysis result for SHA-256 4045410ad8eab375…

SUSPICIOUS

PDF

Size: 123.7 KB
Created: 2022-07-02 00:19:18 +02:00
Authoring application: kammand (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: ecde342cd4617afb31908dea12fe5b80
SHA-1: c560125ceca63d6dae249d9b86dc72b0980fa507
SHA-256: 4045410ad8eab3758618cfe067f03f8aca7fa4fc19f2cd836cfaddd2c4bc5f3a
Risk Score: 44

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a link disguised as a legitimate resource, likely intended to trick the user into downloading a secondary payload. The heuristic PDF_RANDOM_URL_LINK specifically flags this suspicious link, indicating a social engineering attempt. The embedded URL also points to a potentially malicious resource.

Machine Learning

  • Nyx PDF Classifier clean score 0.0141

Heuristics 3

  • PDF link to algorithmically-generated URL (high, PDF_RANDOM_URL_LINK)
    PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://emailgoal.com/S25pdmVzIE91dCAyMDE5IEVuZ2xpc2ggNDgwcCBEVkRTY3IgMzAwTUIS25/animatronics/sebum/daredevils/ZG93bmxvYWR8Tms1YURCdWZId3hOalUyTnpFeU16QTFmSHd5TlRjMGZId29UU2tnY21WaFpDMWliRzluSUZ0R1lYTjBJRWRGVGww/kerry=indomethicin/repulsed.shooters PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_004_off00001c81.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1C81
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4