Malicious PDF — malware analysis report

Static analysis result for SHA-256 af9e58ef5e6409e1…

MALICIOUS

PDF

Size: 94.5 KB
Created: 2022-06-09 08:54:50 +02:00
Authoring application: desvass (via PDF Master 1.0.1)
First seen: 2026-06-09
MD5: 7dd99e159ff61e4c12d1df80b8a72bfb
SHA-1: 4b7b60153a48f904eeb303e241794f1260bf6a05
SHA-256: af9e58ef5e6409e1b446ddf90b0d956ad169c9e3232c8e7759ca526fe5aabb6d
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.1706

Heuristics (3)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_003_off00001554.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x1554
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4