Malicious PDF — malware analysis report

Static analysis result for SHA-256 6243ada435e86634…

MALICIOUS

PDF

Size: 140.8 KB
Created: 2022-07-06 07:18:47 +02:00
Authoring application: quygarn (via PDF Master 1.0.1)
First seen: 2026-05-29
MD5: 7c9bb9bae1b15345a7f3e1fcee489fbd
SHA-1: 8ddac472fb4df041fb43985ad9de647469783f00
SHA-256: 6243ada435e866348d45f4cf655a8ea60ef809487a9b901334e9b4f446b3aaf6
Risk Score: 74

Machine Learning

  • Nyx PDF Classifier clean score 0.0092

Heuristics 4

  • Password-protected archive handoff (severity: high; rule: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • PDF link farm advertises cracked/pirated software (severity: medium; rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off000026c5.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x26C5
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000aeb1.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAEB1
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261