PDF static analysis report

Static analysis result for SHA-256 4e3a7dd164dab35a…

SUSPICIOUS

PDF

Size: 123.3 KB
Created: 2022-07-02 09:42:57 +02:00
Authoring application: keiman (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 807a858769953b63cc21b265feb14980
SHA-1: bb94bb10ed236fffa40144800cc0de35afe9e181
SHA-256: 4e3a7dd164dab35ad7e4f16d1bc6037e4837023f8af8961a5f3c891f51183a0e
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

Heuristics indicate that this PDF advertises cracked software and embeds external URIs. One of these URIs, http://thedirsite.com/..., is flagged as a potential malware distribution point. The document body is heavily obfuscated and provides no further context, but the presence of these links strongly suggests a lure to download potentially malicious software.

Machine Learning

  • Nyx PDF Classifier clean score 0.0274

Heuristics 3

  • PDF link farm advertises cracked/pirated software | medium | PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://thedirsite.com/?ZG93bmxvYWR8VHI4WW1wbWNueDhNVFkxTmpjeE1qTXdOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=majiolicas.tascas.ability=citizenships=jamaal/U2lzc3kgTWFrZXIgMy40MCBHYW1lIFdhbGt0aHJvdWdoIERvd25sb2FkIGZvciBQQyBBbmRyb2lkU2l/rodolfo PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00001a92.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A92 | 120188 bytes
SHA-256: d1770dd02ee8f9b5747fa5b16b90b9f514dfb581ef8849a559059a5412d3ce44