PDF static analysis report

Static analysis result for SHA-256 6caae856cd198743…

SUSPICIOUS

PDF

Size: 123.9 KB
Created: 2022-07-04 05:03:15 +00:00
Authoring application: chamica (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: c5e6719795ab8fa3496d14a0f8426e50
SHA-1: e53afce463acde88933e38e419696d01485bb129
SHA-256: 6caae856cd19874351bb08c1247a096f30d969aff1b9513d9bd31e7c9c637950
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple links advertising cracked and pirated software, indicating a lure to trick users into visiting potentially malicious sites. One of the embedded URIs, http://esecuritys.com/SkJKRiBFbmNyeXB0aW9uIERlY3J5cHRpb24gVG9vbASkJ/ZG93bmxvYWR8MlFUTjJwcE4zeDhNVFkxTmpnNU1qTTFNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/pettit/adhesives/&klausren=fleischers, is particularly suspicious and likely serves as a download source for malware. The heuristic 'PDF_CRACKED_SOFTWARE_LURE' confirms the nature of the content.

Machine Learning

  • Nyx PDF Classifier clean score 0.0090

Heuristics 3

  • PDF link farm advertises cracked/pirated software | medium | PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://esecuritys.com/SkJKRiBFbmNyeXB0aW9uIERlY3J5cHRpb24gVG9vbASkJ/ZG93bmxvYWR8MlFUTjJwcE4zeDhNVFkxTmpnNU1qTTFNbng4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/pettit/adhesives/&klausren=fleischers (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off000016d5.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x16D5
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off00009ec1.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x9EC1
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261