Malicious PDF — malware analysis report

Static analysis result for SHA-256 98e64d0326aa6697…

Verdict: MALICIOUS
File type: PDF
Size: 115.5 KB
Created: 2022-07-02 16:28:17 +02:00
Authoring application: jaqulee (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 5d35f954e9a643bfd69cb77602b09130
SHA-1: 713f35c263c5036a92519a43ab6f4cf90c9219d0
SHA-256: 98e64d0326aa66976d8335d77948ebd8b62084f874fe606ca9881b56ad043c30
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious Link

The PDF contains a significant number of external links, identified as a link farm, which are likely intended to direct users to download malicious software or pirated content. The primary URL observed, http://findthisall.com/..., appears to be part of this distribution scheme. No scripts were extracted, and the document body was unreadable, limiting further analysis of specific payloads.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0229

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info) [PDF_URI]
    PDF contains an external URL action.
  • Embedded URL (info) [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Primary URL: http://findthisall.com/inconceivable/ZG93bmxvYWR8OUt2TVdvMWZId3hOalUyTnpjeE9ERTRmSHd5TlRnM2ZId29UU2tnU0dWeWIydDFJRnRHWVhOMElFZEZUbDA/bums/?YmVqZXdlbGVkIDMgZnVsbCB2ZXJzaW9uIGZyZWUgZG93bmxvYWQgY3JhY2sgd2luZG93cwYmV=fled.journalistic&mechanics=musenmai.mindsets