SUSPICIOUS
Risk Score: 34
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains multiple heuristics indicating it is a lure for cracked software. It embeds external URIs and specific links that advertise pirated software, suggesting a malicious intent to redirect users to potentially harmful sites. The primary attack pattern involves social engineering through fake software offers.
Machine Learning
- Nyx PDF Classifier clean score 0.0226
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off000014e4.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x14E4 | 120140 bytes |

SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4