PDF static analysis report

Static analysis result for SHA-256 46f9b4332bec420e…

SUSPICIOUS

PDF

Size: 121.8 KB
Created: 2022-07-02 09:22:33 +02:00
Authoring application: okitym (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 2e3051a119f6eb8d616f6f17451226c0
SHA-1: 869057cd9486e0ca2c4f0c567a1c2cbbec6f0d35
SHA-256: 46f9b4332bec420eac6faa8644d8f4b8e14d83895e46b3c327996bd82c84a1ac
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple heuristics indicating it is a lure for cracked software. It embeds external URIs and specific links that advertise pirated software, suggesting a malicious intent to redirect users to potentially harmful sites. The primary attack pattern involves social engineering through fake software offers.

Machine Learning

  • Nyx PDF Classifier clean score 0.0226

Heuristics 3

  • PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://blogbasters.com/ZG93bmxvYWR8Y3kwWWpWcWVIeDhNVFkxTmpjeE1qTXdOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA?allpicnictables=appraisal&mezzo=YmVuam9obnNvbm1hbGF5YWxhbW1vdmllZnJlZWRvd25sb2FkawYmV..&onces=pourri PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off000014e4.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x14E4
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4