PDF static analysis report

Static analysis result for SHA-256 a19efefd9aca99f7…

SUSPICIOUS

PDF

Size: 124.5 KB
Created: 2022-06-10 01:33:09 +02:00
Authoring application: octawar (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: a20fcb485bae1dc4f3ec0cf0f0240d20
SHA-1: fbc72a31aff86731837911ba24f9f1b7aebfeca7
SHA-256: a19efefd9aca99f797aa2498c6394500fd7081ff463f9497674877acb6bfd779
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0213

Heuristics 3

  • PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off000015da.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x15DA
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4