Malicious PDF — malware analysis report

Static analysis result for SHA-256 4783d9e8bfa13c08…

MALICIOUS

PDF

134.5 KB Created: 2022-06-15 20:51:09 +02:00 Authoring application: okilat (via PDF Master 1.0.1) First seen: 2026-06-20
MD5: bad17224c3c6fb7cf8ebb27b0b3c427c SHA-1: d47ac0d6f295204596e3f3b98292b174b1c2fc7f SHA-256: 4783d9e8bfa13c08e63e96ac6e228fdd923451b813f9480a085d84a75f6fd14f
94 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0017

Heuristics 4

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/ZG93bmxvYWR8ZHY2TldOaGQzeDhNVFkxTlRJNU9UZzBOSHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/cyberws/igen/inevitable/vijaykanth.selfless/U2VjdXJlRlgU2V.chandiramani PDF link annotation
    • https://swecentre.com/wp-content/uploads/2022/06/DVD_Creator_Plus____2022Latest.pdfIn PDF document text
    • https://www.sumisurabespoke.it/wp-content/uploads/2022/06/Xp_Style_Icons_Free____With_Registration_Code_____X64_Updated_2022.pdfIn PDF document text
    • https://perfectlypolisheddayspa.com/wp-content/uploads/2022/06/Packer3d_________.pdfIn PDF document text
    • https://expressmondor.net/anansi-browser-��������-free-registration-code-��������������-������������������-������-������/In PDF document text
    • https://sophot.org/wp-content/uploads/2022/06/NeroSteger_MusicStudio_Player____X64_2022_New.pdfIn PDF document text
    • http://thetruckerbook.com/2022/06/15/odt-to-txt-converter-software-����������������������������-������������-������������-activati/In PDF document text
    • https://www.sprinklesandseasalt.com/recipes/anymp4-video-downloader-��������-with-license-key-��������������-������������������/In PDF document text
    • https://gimgame.ru/hydrairc-kryak-skachat/In PDF document text
    • https://www.vfapartners.com/atomic-timesync-��������-license-code-keygen-��������������-������������������-������-����/In PDF document text
    • http://bestoffers-online.com/?p=21385In PDF document text
    • https://www.meselal.com/wp-content/uploads/2022/06/DVDFab_Video_Converter____Product_Key_Full_.pdfIn PDF document text
    • http://www.ndvadvisers.com/?p=In PDF document text
    • https://davidhassmann.com/2022/06/15/floating-clock-������������������-��������������/In PDF document text
    • http://facebook.jkard.com/upload/files/2022/06/TGhcbOlyV2oomaVQY14T_15_43d168fb6d02492b5d49b9005a9303ed_file.pdfIn PDF document text
    • https://openld.de/wp-content/uploads/2022/06/Auto_Keyboard_Backlight.pdfIn PDF document text
    • https://autocracymachinery.com/wallpaper-changer-2-��������������-������������������/In PDF document text
    • http://compasscarrier.com/befaster-lite-������������������-registration-code-��������������-for-windows/In PDF document text
    • https://guaraparadise.com/2022/06/15/flat-��������������/In PDF document text
    • http://mein-portfolio.net/wp-content/uploads/2022/06/Text2Kar.pdfIn PDF document text
    • https://www.sprinklesandseasalt.com/recipes/anymp4-video-downloader-ключ-with-license-key-скачать-бесплатно/In PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00001b95.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1B95 129272 bytes
SHA-256: 8ade0608796a6f4899c57850c43151064524b5801d2ee25ba7de8b980cabcf1d

Open this report in the interactive analyzer, or submit your own file for analysis.