Malicious PDF — malware analysis report

Static analysis result for SHA-256 4e3f3dff7ee2abed…

MALICIOUS

PDF

119.3 KB Created: 2022-07-25 08:00:46 +00:00 Authoring application: yudnat (via PDF Master 1.0.1) First seen: 2026-06-19
MD5: 3cf625aed214d2cac224f13ba5ef2308 SHA-1: d3a215412dea3a6db77055a1aa5b4c1d7f1ff44d SHA-256: 4e3f3dff7ee2abed0f75e402a0faca0e2be2a04873a5cdd2997ed1b014324479
114 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0012

Heuristics 5

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Clickable URI points to raw IP address medium PDF_URI_IP_LITERAL
    PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://godsearchs.com/ZG93bmxvYWR8VWw2WVhRME0zeDhNVFkxT0RJeE9EazROWHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/abounded/carefulness/partridges.boole?&bmV0ZHZydjNkb3dubG9hZAbmV=himan PDF link annotation
    • https://www.pianosix.com/wp-content/uploads/2022/07/xymuly.pdfIn PDF document text
    • https://www.crypto-places-directory.com/wp-content/uploads/2022/07/Nero_2016_Platinum_V18002001_FINAL_Crack_Updated_Sep_2017__Serial_Key_Keygen_TOP.pdfIn PDF document text
    • https://dwfind.org/kalaban-trainer-download-upd/In PDF document text
    • http://www.ecomsrl.it/imazing-download-2020-crack-with-activation-key-hot/In PDF document text
    • https://uglemskogpleie.no/wp-content/uploads/2022/07/Pantalones_Cortos_Lara_Rios_Pdf_28.pdfIn PDF document text
    • http://3.16.76.74/advert/wwe-2k15-license-key-txt-download-link-for-pc/PDF link annotation
    • https://maturesensual.sexy/wp-content/uploads/2022/07/Microsoft_Office_2010_Mini_K_Activator_V1053_Crack_Key_Seria.pdfIn PDF document text
    • https://arlingtonliquorpackagestore.com/wp-content/uploads/2022/07/Arsa_De_Vie_Suad_Pdf_Download_Free.pdfIn PDF document text
    • https://www.techclipse.com/wp-content/uploads/2022/07/Software_Testing_Second_Edition_By_Ron_Patton_Pdf_77.pdfIn PDF document text
    • https://www.rhodiusiran.com/wp-content/uploads/2022/07/jeslett.pdfIn PDF document text
    • https://used-gensets.com/advert/gastroenterologia-villalobos-6-edicion-pdf-download-_hot_/In PDF document text
    • https://earthoceanandairtravel.com/wp-content/uploads/2022/07/Clave_Activacion_Stellar_Phoenix_Photo_Recoverygolkes.pdfIn PDF document text
    • https://cdn.lyv.style/wp-content/uploads/2022/07/25100043/phiran.pdfIn PDF document text
    • http://fajas.club/?p=40898In PDF document text
    • https://speedsuperads.com/wp-content/uploads/2022/07/zevyquen.pdfIn PDF document text
    • https://megaze.ru/wp-content/uploads/Amd_785g_Sb710_Driver_NEW_Download.pdfIn PDF document text
    • https://countymonthly.com/advert/download-buku-teologi-islam-harun-nasution-pdf-to-27-top/In PDF document text
    • https://holytrinitybridgeport.org/advert/bb5-ask2rpl-calculate-install/In PDF document text
    • http://garage2garage.net/advert/docrepair-3-10-updated-keygen-free/In PDF document text
    • https://beautyprosnearme.com/wp-content/uploads/2022/07/Plc_Password_Crack_Tool_Free_INSTALL_Download.pdfIn PDF document text
    • https://www.crypto-places-directory.com/wp-content/uploads/2022/07/Nero_2016_Platinum_V180020In PDF document text
    • https://maturesensual.sexy/wp-In PDF document text
    • https://arlingtonliquorpackagestore.com/wp-In PDF document text
    • https://www.techclipse.com/wp-In PDF document text
    • https://earthoceanandairtravel.com/wp-In PDF document text
    • https://beautyprosnearme.com/wp-In PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.