PDF static analysis report

Static analysis result for SHA-256 7fc9545e040eaef9…

SUSPICIOUS

PDF

Size: 131.6 KB
Created: 2022-07-05 01:33:03 +00:00
Authoring application: shorsaal (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: edf3747f675ff2c5fd60eb400158abf0
SHA-1: a4d03204693b7e3ead0d76e307cce5d7c687b47f
SHA-256: 7fc9545e040eaef90c58e88e0aa422167dc36349c6ff174177c3a806181337be
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains heuristics indicating it advertises cracked software, with multiple embedded URLs pointing to such content. One specific URL, http://awarefinance.com/electrodes/cottonwoods.famil?heard=ZG93bmxvYWR8a0g2TVdGMFlYeDhNVFkxTmprNE1UVXdOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.UGhvdG9zaG9wIENDIDIwMTUgdmVyc2lvbiAxNgUGh.hirschenkogel.hyoid.subjective, was identified as an external URI. The document body was heavily obfuscated and unreadable, preventing further analysis of its direct content.

Machine Learning

  • Nyx PDF Classifier clean score 0.0079

Heuristics 3

  • PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://awarefinance.com/electrodes/cottonwoods.famil?heard=ZG93bmxvYWR8a0g2TVdGMFlYeDhNVFkxTmprNE1UVXdOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.UGhvdG9zaG9wIENDIDIwMTUgdmVyc2lvbiAxNgUGh.hirschenkogel.hyoid.subjective PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000258e.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x258E
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000ad7a.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAD7A
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261