PDF static analysis report

Static analysis result for SHA-256 5de7f876e0f7db47…

SUSPICIOUS

PDF

Size: 149.2 KB
Created: 2022-07-02 15:50:34 +00:00
Authoring application: fileil (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: a585d193baf4c9a3ce2daa1563bd5bd0
SHA-1: 2f5cf4454b4338d570d60cd3302ac10f46b983e9
SHA-256: 5de7f876e0f7db47c6dc9b79be0e798817fc80a4664efe2a452eee30e527674f
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple links advertising cracked and pirated software, indicating a lure for users to download potentially malicious files. One embedded URI, http://awarefinance.com/attrition.gutters/..., suggests a direct download path for a payload. The document's structure and embedded links strongly suggest a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0054

Heuristics (3)

  • PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://awarefinance.com/attrition.gutters/ZG93bmxvYWR8OVNTTW1jd1pIeDhNVFkxTmpjM01UZ3hPSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/mizuna/quart.UmFkaW9CT1NTLjUuNy4wLjcuN3ogU2VyaWFsIEtleSBrZXlnZW4UmF.terasto.unvarnished.mcgill PDF link annotation