Malicious PDF — malware analysis report

Static analysis result for SHA-256 b3235b3f342505a0…

MALICIOUS

PDF

Size: 108.8 KB
Created: 2022-10-18 21:19:46 +00:00
Authoring application: debport (via PDF Master 1.0.1)
First seen: 2026-06-09
MD5: d41bed068b087b0068ac4b52578e22d2
SHA-1: 68353763d42801e00ea15a117974d623b1a7041a
SHA-256: b3235b3f342505a0ae7f7c476e5bbd74e5a2523659378e77e3dbcb99f5930d2c
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score: 0.0009

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00001246.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1246
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off00009a32.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x9A32
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261