Malicious PDF — malware analysis report

Static analysis result for SHA-256 72bf610fd6bb45b0…

MALICIOUS

PDF

Size: 48.5 KB
Created: 2022-12-02 07:34:42 +00:00
Authoring application: lautrev (via mPDF 8.1.2)
First seen: 2026-06-28
MD5: 3e4a700dd7918accabd04bee509d56c6
SHA-1: e296ff41621fbc223b6731694dd6ddf632e01ddc
SHA-256: 72bf610fd6bb45b062aeb2d13633d9fd4d40856c525d1bf7d10c510591dd472b
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0038

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00001dc2.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1DC2 | 19780 bytes
  SHA-256: 4fa1e1f62893db1504b694ba157ca733dbc9a64fe6775bec7c5c9e8d41f3a745
stream_007_off000080ea.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x80EA | 119072 bytes
  SHA-256: df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7
font_01_sfnt_off00005175.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5175 | 19964 bytes
  SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8