SUSPICIOUS
Risk Score: 34
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains heuristics indicating it advertises cracked software and embeds external URIs. One of these URIs, http://thedirsite.com/..., is flagged as a potential malware distribution point. The document body is heavily obfuscated and does not provide further context, but the presence of these links strongly suggests a lure to download potentially malicious software.
Machine Learning
- Nyx PDF Classifier clean score 0.0274
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL http://thedirsite.com/?ZG93bmxvYWR8VHI4WW1wbWNueDhNVFkxTmpjeE1qTXdOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=majiolicas.tascas.ability=citizenships=jamaal/U2lzc3kgTWFrZXIgMy40MCBHYW1lIFdhbGt0aHJvdWdoIERvd25sb2FkIGZvciBQQyBBbmRyb2lkU2l/rodolfo (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00001a92.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A92 | 120188 bytes |

SHA-256: d1770dd02ee8f9b5747fa5b16b90b9f514dfb581ef8849a559059a5412d3ce44