Malicious PDF — malware analysis report

Static analysis result for SHA-256 6246a93058cf347d…

MALICIOUS

PDF

Size: 141.0 KB
Created: 2022-06-10 08:30:59 +02:00
Authoring application: prijero (via PDF Master 1.0.1)
First seen: 2026-05-29
MD5: ceb975694158fc236c2eb5876ea851c5
SHA-1: c1bd50be1cf3c9e04f51ba256dd2684d9f584d0d
SHA-256: 6246a93058cf347d7d542260627e148c234468793f4da1d6396e948feef1caaa
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0007

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/blending.ZG93bmxvYWR8Z1Y0WkRScU4zeDhNVFkxTkRjNE1EZzNPWHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA?/canna/nachschenken/MjAxMyBjbmMgdjMyLjIgY2FybWluYXQgdGVsZWNoYXJnZXIMjA/delete/pele/royal/unfashionable PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • stream_004_off000023ae.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x23AE
    Size: 120140 bytes
    SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4
  • font_01_sfnt_off0000d191.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xD191
    Size: 76772 bytes
    SHA-256: 07ce6fea3c98bf59133021be55ce9147f9c26365efe580a2a4f82130ca697f54