Malicious PDF — malware analysis report

Static analysis result for SHA-256 624a15f8bcc5095c…

MALICIOUS

PDF

Size: 117.6 KB
Created: 2022-07-25 01:01:01 +00:00
Authoring application: woorcal (via PDF Master 1.0.1)
First seen: 2026-05-28
MD5: 53eee0d4b6fff900ef48a09390da1d40
SHA-1: 4ebed4ba024876681b1b238d0218c3d7010dce53
SHA-256: 624a15f8bcc5095c8fda1ed7dc071a4b761b1c0c60ca4af61287dd8f92be4852
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0015

Heuristics 5

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Cracked-software lure uses download-gateway redirectors (high; PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software (medium; PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info; PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00002396.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x2396
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000ab82.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAB82
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261