PDF static analysis report

Static analysis result for SHA-256 85aa3d6caf465def…

SUSPICIOUS

PDF

Size: 145.0 KB
Created: 2022-07-05 18:35:25 +00:00
Authoring application: patisak (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: a94e9075c40b8c701fe7bb9578c29c00
SHA-1: abdf69819097e8378ffcabf256edab46ffd805ab
SHA-256: 85aa3d6caf465defaf81b454b915a0441ec4d4e80660f526d255c400a851595f
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple links and heuristics indicating it is designed to lure users into downloading cracked software. The embedded URI and several other URLs point to sites offering pirated software, suggesting a malicious intent to redirect users to potentially harmful content or downloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.0071

Heuristics 3

  • PDF link farm advertises cracked/pirated software | medium | PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00006df3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DF3 | 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000f5df.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5DF | 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261