Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa849da442f1905f…

MALICIOUS

PDF

Size: 114.5 KB
Created: 2022-09-13 08:20:01 +00:00
Authoring application: foopan (via PDF Master 1.0.1)
First seen: 2026-06-06
MD5: fc2d186b7b9cc5f33fbe511b1c8b655f
SHA-1: 412fc21c53c7c9c7f999d89a49bc9203f040f096
SHA-256: aa849da442f1905f7b84ccedd0ab32add34e5b230b89c2cbba33ccc08c0adfd0
Risk Score: 94

Machine Learning

  • Nyx PDF Classifier clean score 0.0012

Heuristics 4

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software [medium] [PDF_CRACKED_SOFTWARE_LURE]
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00001c71.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C71 | 84508 bytes
  SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000a45d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA45D | 83036 bytes
  SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261