Malware Insights
The PDF document triggers heuristics indicating that it advertises cracked software, a common lure for malicious documents. It embeds multiple external URLs, one of which is flagged as a potential threat. The primary URL, http://evacdir.com/aptos/balkline/bertha/balconies&goudkov/ZG93bmxvYWR8bnU5TnpsdWNYeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/loyal?Y2FiYWwgZnVqaSB0cmFpbmVyIGZyZWUgZG93bmxvYWQY2F=mansards, is likely used to download a secondary payload. The document body was not sufficiently readable to provide further context.
Machine Learning
- Nyx PDF Classifier clean score 0.0093
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://evacdir.com/aptos/balkline/bertha/balconies&goudkov/ZG93bmxvYWR8bnU5TnpsdWNYeDhNVFkxTkRjNE1EZzNPWHg4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/loyal?Y2FiYWwgZnVqaSB0cmFpbmVyIGZyZWUgZG93bmxvYWQY2F=mansards (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off000016d7.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x16D7 | 120140 bytes |

SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4