Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d8efa2ddf060d2c…

MALICIOUS

PDF

141.4 KB Created: 2022-07-25 20:13:52 +00:00 Authoring application: ultrdie (via PDF Master 1.0.1) First seen: 2026-06-18
MD5: 49a4697f5bcf600404a17a4ec974e03d SHA-1: 373df4e3ed83d04cd0ec66bfa4f76c3ccc985318 SHA-256: 5d8efa2ddf060d2cf2c5d40bc35cf299fab6831b700baa59da3c65250d9484c5
102 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0006

Heuristics 5

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://signforcover.com/ZG93bmxvYWR8OXFyY0RkbVlYeDhNVFkxT0RJeE9EazROWHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/R29vZ2xlIFNrZXRjaFVwIFBybyAyMDE3IENyYWNrIExpY2Vuc2UgS2V5IElzIEhlcmUR29.picturegear.convent.grittier=christ PDF link annotation
    • http://www.grisemottes.com/wp-content/uploads/2022/07/the_secrets_of_da_vinci_game_crack.pdfIn PDF document text
    • https://www.onlineusaclassified.com/advert/best-seo-company-in-noida-seo-services-agency-in-noida/In PDF document text
    • https://www.la-pam.nl/james-camerons-avatar-the-game-activation-keygen-download-pc-link/In PDF document text
    • https://www.steppingstonesmalta.com/adobe-animate-cc-2015-15-1-portableby-robert-setup-free-free/In PDF document text
    • https://brinke-eq.com/advert/aladin-english-full-movie-download-__full__/In PDF document text
    • https://immanuelglobalwp.com/patched-utorrent-3-2-1-stable-bulid-28086vector-link-2/In PDF document text
    • http://trabajarenlafrater.com/wp-content/uploads/2022/07/makakeal.pdfIn PDF document text
    • https://www.wangfuchao.com/wp-content/uploads/2022/07/Adobe_Acrobat_Pro_DC_V2015_MULTI.pdfIn PDF document text
    • https://www.beaches-lakesides.com/realestate/lie-with-me-dubbed-in-hindi-full-__top__-movie-download-in-mp4/In PDF document text
    • https://www.paylessdvds.com/curso-simulado-e-indexado-ps-e-corel-draw-rar-free-top-download/In PDF document text
    • https://santoshkpandey.com/remarque-niente-di-nuovo-sul-fronte-occidentale-pdf-download-exclusive/In PDF document text
    • https://teenmemorywall.com/microsoft-exchange-server-2010-product-key-crack-2021/In PDF document text
    • https://www.nzangoartistresidency.com/new-release-phast-6-54-crack-17-decodificador-matros-new/In PDF document text
    • https://lutce.ru/wp-content/uploads/2022/07/altova_xmlspy_enterprise_edition_2014_keygen_generator.pdfIn PDF document text
    • https://liquidonetransfer.com/wp-content/uploads/2022/07/Starting_Out_With_Python_4th_Edition_Download_BETTERs_Torrent_Toot_Motorizados_Nbsp_ANTERI.pdfIn PDF document text
    • https://ksycomputer.com/saab-9-3-navigation-2010-dvd-eastern-and-western-europe/In PDF document text
    • https://www.pivatoporte.com/wp-content/uploads/2022/07/Super_contra_nes_30_livesgolkes.pdfIn PDF document text
    • http://hotelthequeen.it/wp-content/uploads/2022/07/fridbern.pdfIn PDF document text
    • http://ballyhouracampervanpark.ie/wp-content/uploads/2022/07/Visual_Studio_6_MSDN_Library_CD1_And_CD2_TOP.pdfIn PDF document text
    • https://pollynationapothecary.com/wp-content/uploads/2022/07/balielly.pdfIn PDF document text
    • https://www.onlineusaclassified.com/advert/best-seo-company-in-noida-seo-services-agency-in-In PDF document text
    • https://www.steppingstonesmalta.com/adobe-animate-cc-2015-15-1-portableby-robert-setup-free-In PDF document text
    • https://www.beaches-lakesides.com/realestate/lie-with-me-dubbed-in-hindi-full-__top__-movie-In PDF document text
    • https://santoshkpandey.com/remarque-niente-di-nuovo-sul-fronte-occidentale-pdf-download-In PDF document text
    • https://lutce.ru/wp-In PDF document text
    • https://liquidonetransfer.com/wp-content/uploads/2022/07/Starting_Out_With_Python_4th_Edition_DoIn PDF document text
    • http://ballyhouracampervanpark.ie/wp-In PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.