Malicious PDF — malware analysis report

Static analysis result for SHA-256 44566173181a1ff6…

MALICIOUS

PDF

Size: 122.0 KB
Created: 2022-07-02 00:47:13 +02:00
Authoring application: reamfarl (via PDF Master 1.0.1)
First seen: 2026-06-12
MD5: 8cf521fc85af0baeb0950ba8a8cee267
SHA-1: c789f8f0dd5609bbfac839305a9a66e98fd866d2
SHA-256: 44566173181a1ff645c076e0259d585d31889f7a5cab2fb8579e2ba37e30f6e5
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, indicated by the PDF_URI and PDF_SEO_LINK_FARM heuristics. The primary URL, http://bestentrypoint.com/chatman/..., suggests a lure to download content. The presence of numerous links points towards an attempt to distribute malicious files or engage in SEO-based traffic redirection.

Machine Learning

  • Nyx PDF Classifier clean score 0.0221

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info; PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://bestentrypoint.com/chatman/ZG9uZ3JpIHNlIGR1YmFpIHRhayBpbiBoaW5kaSBwZGYgZG93bmxvYWQZG9/ZG93bmxvYWR8a3Q5TVRKcU1YeDhNVFkxTmpjeE1qTXdOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/clutters/mainframe.manufacturer/verizon/meritorious/madisonville PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off00001587.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1587
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4