Malicious PDF — malware analysis report

Static analysis result for SHA-256 62427366802d0740…

MALICIOUS

PDF

Size: 120.9 KB
Created: 2022-07-19 00:08:37 +00:00
Authoring application: wenssaed (via PDF Master 1.0.1)
First seen: 2026-05-29
MD5: fe2a16d32099717571975293003b4099
SHA-1: 2a3782399ed755058ec6f98a934e9aac5827eb57
SHA-256: 62427366802d07400a384b37592250b0dacb859edb43c76548e3ddb318849a72
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0025

Heuristics 5

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Cracked-software lure uses download-gateway redirectors (severity: high; rule: PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software (severity: medium; rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00002c92.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x2C92
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000b47e.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB47E
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261