PDF static analysis report

Static analysis result for SHA-256 93c700f4237dac72…

SUSPICIOUS

PDF

120.0 KB Created: 2022-07-07 21:56:21 +00:00 Authoring application: colwas (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 2ff6cb8275f18b22974070b12da6a330 SHA-1: 13da63570a2b06f7063257851299e11cd988d744 SHA-256: 93c700f4237dac722da8f1f88b9813c31158d17c775865bf76aeaa2798baf145
42 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious Link

The PDF document contains heuristics indicating it advertises cracked software and embeds external URLs. One of the primary URLs, http://bestsmartfind.com/aroun?..., appears to be a download lure. The document body is heavily obfuscated, preventing a detailed analysis of its specific intent beyond the cracked software lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0155

Heuristics 4

  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://bestsmartfind.com/aroun?pallid=&ZG93bmxvYWR8anoyTlhGcWRueDhNVFkxTnpFNE5qazFOWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=&pesh=&aXJyaWNhZCBwcm8gQ3JhY2sgc2VyaWFsIGtleWdlbi5yYXIaXJ=tamron&melikov=globalisation PDF link annotation
    • https://esmuseum.com/wp-content/uploads/2022/07/bartams.pdfIn PDF document text
    • https://officinabio.it/wondershare-dr-fone-for-ios-with-crack-serial-free/In PDF document text
    • http://www.giffa.ru/product-reviewsconsumer-electronics/codegear-rad-studio-2007-crack-top-keygen-14/In PDF document text
    • http://www.ecomsrl.it/el-hombre-tranquilo-1952-hdrip-ac3-xvid-esp-updated/In PDF document text
    • https://bestvacuumforcar.com/sap-crystal-reports-for-visual-studio-2010-64-bit-free-full-download/In PDF document text
    • https://warganesia.id/upload/files/2022/07/kooWDZf8dPuAZIK73pH4_07_8b7ce44f10b846ab119848ae7015962c_file.pdfIn PDF document text
    • https://alafdaljo.com/battlefront-3-alpha-download-exclusive/In PDF document text
    • https://www.sedaguzellikmerkezi.com/cnwf511-windows-10-driver-21-best/In PDF document text
    • https://lannews.net/advert/desarrollo-del-pensamiento-tomo-2-resuelto-pdf-180-upd/In PDF document text
    • https://jatrainingindia.in/cubedesktop-pro-1-3-1-crack-keygen-pes-repack/In PDF document text
    • http://www.myai-world.com/?p=11054In PDF document text
    • https://www.wareham.ma.us/sites/g/files/vyhlif5146/f/uploads/concomfees4.pdfIn PDF document text
    • https://bestonlinestuffs.com/omsi-bus-simulator-free-download-full-version-for-14-repack/In PDF document text
    • https://ayusya.in/inside-out-english-english-subtitle-full-free-movie-download/In PDF document text
    • https://calcvr.org/wp-content/uploads/2022/07/vivamal.pdfIn PDF document text
    • https://clothos.org/advert/oda-bucuriei-ton-de-apel/In PDF document text
    • https://iamjoburg.africa/wp-content/uploads/2022/07/nagiwann.pdfIn PDF document text
    • https://boldwasborn.com/sprint-layout-6-0-rar/In PDF document text
    • http://www.ubom.com/upload/files/2022/07/ECpevXUZNhXlDNefihxh_07_adb49b0f4100ed5e0eedd49ee34ebe8d_file.pdfIn PDF document text
    • http://www.giffa.ru/product-reviewsconsumer-electronics/codegear-rad-In PDF document text
    • https://bestvacuumforcar.com/sap-crystal-reports-for-visual-studio-2010-64-bit-In PDF document text
    • https://warganesia.id/upload/files/2022/07/kooWDZf8dPuAZIK73pH4_07_8b7ceIn PDF document text
    • https://lannews.net/advert/desarrollo-del-pensamiento-tomo-2-resuelto-In PDF document text
    • https://bestonlinestuffs.com/omsi-bus-simulator-free-download-full-version-In PDF document text
    • http://www.ubom.com/upload/files/2022/07/ECpevXUZNhXlDNefihxh_07_adb49In PDF document text
    • https://cingwarmdololata.wixsite.com/consreconub/post/autodesk-revit-2017-torrentIn PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • https://cingwarmdololata.wixsite.com/consreconub/post/autodesk-In PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text