Malicious PDF — malware analysis report

Static analysis result for SHA-256 81c35b05d20bcaf8…

MALICIOUS

PDF

Size: 69.5 KB
Created: 2022-12-13 02:26:53 +00:00
Authoring application: lisajus (via mPDF 8.1.2)
First seen: 2026-06-28
MD5: 38dcc5c09bdbacc58e65942e5e99d00c
SHA-1: cf80dfc740e0bb1eac592b77d0e2dff2fe90132f
SHA-256: 81c35b05d20bcaf8a05e8a67b80b16639076c509cc370f279d13ab32a494a128
Risk Score: 94

Machine Learning

  • Nyx PDF Classifier: clean score 0.0033

Heuristics 4

  • Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software [medium, PDF_CRACKED_SOFTWARE_LURE]
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 4

Files carved from inside the sample during analysis.

  • stream_004_off00003fdd.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x3FDD
    Size: 19940 bytes
    SHA-256: 251ce1af898779d99b356ba27295b0cb68dcfacc1ad5d83a73e767f3cf7d6f02
  • font_01_sfnt_off000075ab.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x75AB
    Size: 26088 bytes
    SHA-256: 5033a414690e9342a112807f094ab9ad7c579a500dedc23b8056063003709ba7
  • font_02_sfnt_off0000aaa6.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAAA6
    Size: 26892 bytes
    SHA-256: 440ba7b1b0fb2eb971275b07a98648fad327a18a6221b47420b3d824bf3a407a
  • font_03_sfnt_off0000e14c.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE14C
    Size: 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8