Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4f2652052573e65…

MALICIOUS

PDF

Size: 123.8 KB
Created: 2022-07-31 06:18:18 +00:00
Authoring application: jamwhyt (via PDF Master 1.0.1)
First seen: 2026-07-01
MD5: 5d33879a0915e24bc294021a53b28ba4
SHA-1: ecbedcd82404f0f78af9daa440c70857f3b76c23
SHA-256: a4f2652052573e6549e92b6721453075c34d51b79f565596099ab42df01e320e
Risk Score: 74

Machine Learning

  • Nyx PDF Classifier clean score 0.0063

Heuristics 4

  • Cracked-software lure uses download-gateway redirectors (severity: high, rule: PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://raisengine.com/obizzi/RmFybSBNYW5hZ2VyIDIwMTgRmF?ZG93bmxvYWR8cXIxTkRsaWFuSjhmREUyTlRreU1USTJPRFo4ZkRJMU9EZDhmQ2hOS1NCSVpYSnZhM1VnVzBaaGMzUWdSMFZPWFE.gotu=passerelle&sabot=illuminance (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000477f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x477F | 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000cf6b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCF6B | 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261