PDF static analysis report

Static analysis result for SHA-256 8ace77c2078e49f8…

SUSPICIOUS

PDF

Size: 158.5 KB
Created: 2022-07-05 23:34:20 +00:00
Authoring application: derfou (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 84ad0de2e8ebc4fd1addea3b920d5c50
SHA-1: 59856ef80bd860d2929a0501ac1d0fc3eee85c86
SHA-256: 8ace77c2078e49f8bd07e40451d9db3210a25d1bcafc747dac1bf689d8e14e57
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains multiple embedded URLs that advertise cracked software and game downloads, specifically mentioning 'FIFA 22'. One heuristic identified a link farm advertising cracked software. The primary malicious URL identified is http://thedirsite.com/ambulance/gillberg/ which likely serves as a downloader or redirector to malicious content.

Machine Learning

  • Nyx PDF Classifier clean score 0.0053

Heuristics (3)

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://thedirsite.com/ambulance/gillberg/?bonus=RmlmYSAyMgRml&ZG93bmxvYWR8M0hpWW05MWFueDhNVFkxTnpBek5qSXlNM3g4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk=jenks&jetta= PDF link annotation