Malicious PDF — malware analysis report

Static analysis result for SHA-256 844fff583ad8d99a…

Verdict: MALICIOUS
File type: PDF
Size: 121.3 KB
Created: 2022-07-04 03:29:04 +00:00
Authoring application: phylest (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: a0eb3ab606cdcb56186f39c52c5fcbe0
SHA-1: 09c8887016de5f29f0c12ab780abe3387ddcfa0b
SHA-256: 844fff583ad8d99ab935269f1ffcc6efe5dea99e212c236a699ac7879d9d1105
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a link farm advertising cracked software, with multiple external URLs pointing to potentially malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of external links, and 'PDF_CRACKED_SOFTWARE_LURE' specifically identifies the promotion of pirated software. The presence of embedded URLs suggests an attempt to redirect the user to these malicious sites.

Machine Learning

  • Nyx PDF Classifier clean score 0.0149

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software [medium] PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://bestsmartfind.com/duly.Z2F0ZVByb3RlY3QgVlBOIENsaWVudAZ2F/ether=greatway/pdif=ZG93bmxvYWR8WXY3TlRscmJueDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/hustler.panchkarma
    • https://mdmresourcing.com/sites/default/files/webform/dagpazy88.pdf
    • https://www.tailormade-logistics.com/sites/default/files/webform/bluesoleil-sdk.pdf
    • https://inobee.com/upload/files/2022/07/aIvIk9m6ULXSgJB9lFCG_04_c2764c9bd3f56e892381c56316657eae_file.pdf
    • https://yemensouq.com/wp-content/uploads/2022/07/JiveX_dv_Viewer__Crack_MacWin.pdf
    • https://ksycomputer.com/norton-studio-store-app-1-3-0-32-crack-with-key-for-windows-latest/
    • https://colored.club/upload/files/2022/07/V1dGe3x2Gnp5olRoLy5s_04_b409737da528f9ad1e102f1719db5043_file.pdf
    • https://xn--80aagyardii6h.xn--p1ai/stormruler-crack-free-license-key-free-128077/
    • https://www.incubafric.com/wp-content/uploads/2022/07/Tipard_Video_Enhancer.pdf
    • http://scamfie.com/?p=25887
    • https://superstitionsar.org/plantuml-crack-serial-number-full-torrent-free/
    • https://tygerspace.com/upload/files/2022/07/5fcrOeWsegJVhDsxvRDp_04_c2764c9bd3f56e892381c56316657eae_file.pdf
    • https://americanglassresearch.com/sites/default/files/webform/walwquy47.pdf
    • http://www.hva-concept.com/printscreen-crack-free-license-key/
    • http://www.renexus.org/network/upload/files/2022/07/h933U1wuiBHLSxPDzhOF_04_c2764c9bd3f56e892381c56316657eae_file.pdf
    • https://www.danke-eltern.de/wp-content/uploads/2022/07/dacengl.pdf
    • https://www.afrogoatinc.com/upload/files/2022/07/fX6vpF1WTT3BJMFyg2DF_04_b409737da528f9ad1e102f1719db5043_file.pdf
    • http://sagitmymindasset.com/?p=5678
    • https://www.north-reading.k12.ma.us/sites/g/files/vyhlif1001/f/uploads/sc_2021-22_final_goals.pdf
    • https://www.americanchillpodcast.com/upload/files/2022/07/6Rb6ywuofrqLHZAi4OQK_04_c2764c9bd3f56e892381c56316657eae_file.pdf
    • https://tasdeholritho.wixsite.com/bicomleftse/post/rpm-remote-print-manager-elite-2-0-0-637-crack-license-key-full-free-pc-windows
    • http://www.tcpdf.org
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/