Malicious PDF — malware analysis report

Static analysis result for SHA-256 78214e97f34e562c…

MALICIOUS

PDF

Size: 110.4 KB
Created: 2022-07-27 05:41:59 +00:00
Authoring application: finmart (via PDF Master 1.0.1)
First seen: 2026-06-16
MD5: 2bbe618983dc9c745e89dcfdcb5c1c42
SHA-1: 97ef005332b9f25bdb6cc5fd4b36592d18b5247f
SHA-256: 78214e97f34e562c3910e6c9955fad7ad42a66fde36eb360f29372002b8a925c
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0014

Heuristics 5

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link to algorithmically-generated URL (severity: high; rule: PDF_RANDOM_URL_LINK)
    PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
  • PDF link farm advertises cracked/pirated software (severity: medium; rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://dawnloadonline.com/genitourinary/staggering/?&jimson=lighthearted&nonnestraat=notices.ZG93bmxvYWR8YWcyTm1Zek5ueDhNVFkxT0RJeE9UUTNNM3g4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA.ZW5kcmVuZHJ1bSBwdW5uYWdhaSBtb3ZpZSBkb3dubG9hZCB0YW1pbHJvY2tlcnMgNDE0ZW5 PDF link annotation