PDF static analysis report

Static analysis result for SHA-256 4c093d0a3b3cd68b…

SUSPICIOUS

PDF

Size: 126.3 KB
Created: 2022-06-09 22:56:59 +02:00
Authoring application: incfaun (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 12f908797a0324c595d0f14e71ebd620
SHA-1: 053ae196f1541f944f82498072291012b5e6cd36
SHA-256: 4c093d0a3b3cd68b446db305469cee1199d1bfdc55a39e52c38c7a754b3f971c
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple embedded URLs that advertise cracked software, indicating a lure to download potentially malicious applications. One specific URL, http://evacdir.com/banks.RGVscGhpIDEwIFNlYXR0bGUgVW5pcyBDcmFjawRGV/bemoaning.cavernosum/underclothing/internazionale.ZG93bmxvYWR8UnU1Wm1ReGVYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA, appears to be a download link. The heuristic 'PDF_CRACKED_SOFTWARE_LURE' directly supports this finding.

Machine Learning

  • Nyx PDF Classifier clean score 0.0280

Heuristics 3

  • PDF link farm advertises cracked/pirated software [medium] PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/banks.RGVscGhpIDEwIFNlYXR0bGUgVW5pcyBDcmFjawRGV/bemoaning.cavernosum/underclothing/internazionale.ZG93bmxvYWR8UnU1Wm1ReGVYeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_003_off00001979.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1979
Size: 120324 bytes
SHA-256: f12fd99a439a3f7be295b92632335d50aee9e5ef0f0423cab394b3572c156229