Malicious PDF — malware analysis report

Static analysis result for SHA-256 79321fe45b7af7d0…

MALICIOUS

PDF

Size: 133.4 KB
Created: 2022-09-13 16:39:32 +00:00
Authoring application: chahar (via PDF Master 1.0.1)
First seen: 2026-06-15
MD5: 006127a666e53157cd3f94ca321019b5
SHA-1: 764352ab4eea421324c62de71c9132505cd92ce1
SHA-256: 79321fe45b7af7d090d69fcf0fc258d5e5928423c1f2a37bea2b9bbc00d18b67
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0007

Heuristics 5

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff (severity: high, rule: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_010_off00019ac0.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x19AC0
Size: 119072 bytes
SHA-256: df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7