PDF static analysis report

Static analysis result for SHA-256 99a901695a3821ed…

SUSPICIOUS

PDF

Size: 146.0 KB
Created: 2022-07-05 16:09:32 +00:00
Authoring application: garrimbe (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: f69d83a74a0a165587c8755ae4d7b1c0
SHA-1: cd9421abcd66bef87d79761cf56d69de271d964f
SHA-256: 99a901695a3821ed5152f4e0d828a4849c32681954523d6937a966cbd2e1cef5
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link

The PDF document contains multiple embedded links that advertise cracked and pirated software, specifically mentioning 'FIFA 22'. One heuristic identified a 'PDF_CRACKED_SOFTWARE_LURE' and another flagged an external URI pointing to a suspicious domain. The document body itself is heavily obfuscated and does not provide clear textual content, but the presence of numerous links to pirated software strongly suggests a lure for users to download potentially malicious files.

Machine Learning

  • Nyx PDF Classifier clean score 0.0056

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.