PDF static analysis report

Static analysis result for SHA-256 832af951ae725e24…

SUSPICIOUS

PDF

Size: 120.4 KB
Created: 2022-07-05 01:37:43 +00:00
Authoring application: charhan (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 1aad048d4ebb54a430b7d5651a374ed0
SHA-1: 22af0f6f500bd6b37038f4761b9e0a9d7c65129f
SHA-256: 832af951ae725e24c2e2470fe32440970f4c017ca38c52121a53589152415575
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple links advertising cracked software, a common lure for users seeking pirated applications. The embedded URLs, such as http://widesearchengine.com/burress/..., likely lead to the download of malicious payloads. While no scripts were extracted, the heuristic firings strongly indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.0378

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium; ID: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://widesearchengine.com/burress/nung.UGhvdG9zaG9wIENDIDIwMTUUGh/cert.editions.ZG93bmxvYWR8NnM2TVdabmQzeDhNVFkxTmprNE1UVXdOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA.clouding.epoque.moufats PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000027cf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x27CF | 84508 bytes
  SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000afbb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAFBB | 83036 bytes
  SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261