Malware Insights
The PDF document contains multiple embedded URLs that advertise cracked software, a lure to get users to download potentially malicious files. One of the URLs, http://thedirsite.com/ZG93bmxvYWR8RE83TVhGaWRYeDhNVFkxTnpBek5qSXlNM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.transformer/unsung/attributing/cordite/elasticised/hadiya&RmlmYSAyMgRml/huayu, is particularly suspicious and likely serves as a download link for a second-stage payload. The document body was unreadable, but the heuristic firings strongly suggest malicious intent.
Machine Learning
- Nyx PDF Classifier clean score 0.0062
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://thedirsite.com/ZG93bmxvYWR8RE83TVhGaWRYeDhNVFkxTnpBek5qSXlNM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.transformer/unsung/attributing/cordite/elasticised/hadiya&RmlmYSAyMgRml/huayu (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006af9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AF9 | 84508 bytes | 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c |
| font_01_sfnt_off0000f2e5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF2E5 | 83036 bytes | 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261 |