Malicious PDF — malware analysis report

Static analysis result for SHA-256 94114cd10afa8ef7…

MALICIOUS

PDF

137.4 KB
Created: 2022-07-20 11:36:44 +00:00
Authoring application: hanreny (via PDF Master 1.0.1)
First seen: 2026-06-12
MD5: 4947d4b54d7951d83d2a3e0b36b6987a
SHA-1: 0ca1c0f422086bc6521977a254756ad0f023bf34
SHA-256: 94114cd10afa8ef7ecd0dde189cd979c1245e4b8d3ce2b62797a8670bb74e9b3
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF contains a large number of external links, many of which advertise cracked software. One of the primary links points to a URL that appears to be designed for downloading potentially malicious files. The document's structure and content suggest it's a lure to trick users into downloading unwanted or harmful software.

Machine Learning

  • Nyx PDF Classifier clean score 0.0005

Heuristics 4

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://dawnloadonline.com/query/activations/sideboards/crispus=ZG93bmxvYWR8b0kyYjJGeFpueDhNVFkxT0RJeU1EZzJObng4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA/?UmVsYXhhdGlvbiBiYWxscwUmV=drivertise PDF link annotation