PDF static analysis report

Static analysis result for SHA-256 5a771868da2a3da5…

SUSPICIOUS

PDF

253.5 KB Created: 2022-07-08 00:44:20 +00:00 Authoring application: tadichan (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 0204d746d277c75d2c020e622d4e7bc0 SHA-1: b513aa9d57545d50970e3aa1e739c561c50439eb SHA-256: 5a771868da2a3da50b439249a88770cd3e51edaa410b4376ecd7b77fffd139a4
34 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains heuristics indicating it advertises cracked software, with multiple embedded links pointing to such sites. One prominent URL, http://bestsmartfind.com/..., appears to be a download lure. While no scripts were extracted, the presence of embedded URLs and the cracked software lure strongly suggest a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.0043

Heuristics 3

  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://bestsmartfind.com/ZG93bmxvYWR8RGs3WVRKemVYeDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/bushed/U3RyaWtlIEZvcmNlIEhlcm9lcyAzIEhhY2sU3R/gullet/pander=arrogant=polian=indefectible=sublimating PDF link annotation
    • https://tempusgems.com/wp-content/uploads/2022/07/Prince_Of_Persia_3d_V11_Nocd_Crack_For_The_Sims_2.pdfIn PDF document text
    • http://websiteusahawan.com/?p=6608In PDF document text
    • https://cdn.geeb.xyz/upload/files/2022/07/pOs9xvkOEGJqwj8wP51E_08_c741f1778e87d36b9348924a2f2c8b1d_file.pdfIn PDF document text
    • https://kinderspecial.com/blog/index.php?entryid=8082In PDF document text
    • https://iraqidinarforum.com/upload/files/2022/07/2W6Dyi4rOdjs5OZtBX8j_08_c741f1778e87d36b9348924a2f2c8b1d_file.pdfIn PDF document text
    • https://brutalrecords.com/coming-soon/In PDF document text
    • https://mahoganyrevue.com/advert/idautomation-barcode-label-software-crack-best/In PDF document text
    • https://moeingeo.com/wp-content/uploads/2022/07/FileScavenger43ENGKeygenepub.pdfIn PDF document text
    • https://fystop.fi/esp-12yo-fuck-10yo-boy-10yo-suck-14yo-boy-mpg-hit/In PDF document text
    • https://keyandtrust.com/wp-content/uploads/2022/07/Motogp_2014_Game_Pc_Free_LINK_Download_Full_Version.pdfIn PDF document text
    • https://sunuline.com/upload/files/2022/07/plLxg1MihjbEmKh67aFg_08_821270cd681a67bc46e88aeccfdf6e1a_file.pdfIn PDF document text
    • http://www.cpakamal.com/microstation-v8i-crack-keygen-pesinstmank-updated/In PDF document text
    • https://www.myshareshow.com/upload/files/2022/07/ga4zC3VHU3F9BopiZMf5_08_c741f1778e87d36b9348924a2f2c8b1d_file.pdfIn PDF document text
    • https://www.ccpl.org/system/files/webform/author-submit/howetal159.pdfIn PDF document text
    • https://omaamart.com/wp-content/uploads/2022/07/UnderTheDomeSeason1Complete720p.pdfIn PDF document text
    • https://desolate-falls-43165.herokuapp.com/x_force_keygen_AutoCAD_Design_Suite_2016_free_download_dmg.pdfIn PDF document text
    • https://2z31.com/ninfa-e-calita-deus-nao-vai-deixar-play-back/In PDF document text
    • https://guiacertousa.com/wp-content/uploads/2022/07/Revo_Uninstaller_Pro_423_Crack_With_Keygen_2020.pdfIn PDF document text
    • https://www.granby-ct.gov/sites/g/files/vyhlif3171/f/uploads/granby_ms4annualreport2021.docx_0.pdfIn PDF document text
    • https://tempusgems.com/wp-In PDF document text
    • https://cdn.geeb.xyz/upload/files/2022/07/pOs9xvkOEGJqwj8wP51E_08_c741f1778e87d36b93In PDF document text
    • https://iraqidinarforum.com/upload/files/2022/07/2W6Dyi4rOdjs5OZtBX8j_08_c741f1778e87dIn PDF document text
    • https://keyandtrust.com/wp-In PDF document text
    • https://sunuline.com/upload/files/2022/07/plLxg1MihjbEmKh67aFg_08_821270cd681a67bc46In PDF document text
    • https://www.myshareshow.com/upload/files/2022/07/ga4zC3VHU3F9BopiZMf5_08_c741f1778In PDF document text
    • https://omaamart.com/wp-In PDF document text
    • https://desolate-falls-43165.herokuapp.com/x_force_keygen_AutoCAD_Design_Suite_2016_freIn PDF document text
    • https://guiacertousa.com/wp-In PDF document text
    • https://www.granby-In PDF document text
    • https://britnven.wixsite.com/mistflowcary/post/humpty-sharma-ki-dulhania-720p-torrent-bestIn PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text