PDF static analysis report

Static analysis result for SHA-256 841b118220ce171e…

SUSPICIOUS

PDF

Size: 135.1 KB
Created: 2022-07-05 04:04:25 +00:00
Authoring application: ivamar (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: d4b95072be519f6c3b042617dc583a20
SHA-1: d82f2360e08be3776709fde5aed731ec851f5d1f
SHA-256: 841b118220ce171ea81e075040d2372a2d86c2ff1181e7c56155b98ad6e77f8c
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple links to websites offering cracked software, specifically Adobe Photoshop. One of the embedded URLs, http://emailgoal.com/helminthiasis.cargeenan?..., appears to be a download link, suggesting the document's primary purpose is to facilitate the download of potentially malicious software disguised as pirated applications. No scripts were extracted, but the presence of numerous external links and the heuristic firing for 'PDF_CRACKED_SOFTWARE_LURE' strongly indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier clean score 0.0050

Heuristics 3

  • [medium] PDF_CRACKED_SOFTWARE_LURE: PDF link farm advertises cracked/pirated software
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • [info] PDF_URI: External URI
    PDF contains an external URL action
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://emailgoal.com/helminthiasis.cargeenan?ZG93bmxvYWR8QkE0TldwclpYeDhNVFkxTmprNE1UVXdOSHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=&outgrowing=&UGhvdG9zaG9wIDIwMjEgKFZlcnNpb24gMjIuNSkUGh=starteaching PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00003f5b.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x3F5B
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000c747.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xC747
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261