Malicious PDF — malware analysis report

Static analysis result for SHA-256 793c8c37d1d02ced…

MALICIOUS

PDF

Size: 105.3 KB
Created: 2022-06-11 06:32:04 +02:00
Authoring application: otavlyv (via PDF Master 1.0.1)
First seen: 2026-06-15
MD5: 23800de3c91bda39753c4dd0a3cfc42b
SHA-1: 929fd6f40c1c65e0e755b414ca11b6b0b3b354ec
SHA-256: 793c8c37d1d02cede1433e545c494ab39675bb351bc73d2efeb894c8b4755b65
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0045

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_003_off00001418.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1418
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4