PDF static analysis report

Static analysis result for SHA-256 a784f39b3afe9b7b…

SUSPICIOUS

PDF

Size: 256.4 KB
Created: 2022-06-09 23:12:37 +02:00
Authoring application: fancrai (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: f020fcff06734aafc152d3e1db438b60
SHA-1: 6871e97f89a0372659150dd8d1c650edfb95cf5a
SHA-256: a784f39b3afe9b7bb3c0b71384aae266ce8ca188440d4e360047fb873a8de1e6
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0107

Heuristics 3

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off00001315.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1315
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4