Malware Insights
The PDF document contains multiple embedded URLs and heuristics indicate it advertises cracked software. The primary URL, http://evacdir.com/comedically.ZG93bmxvYWQgZmlyZWRhYyBkZWxwaGkgeGU0IGNyYWNrZG9?alkaloid=brickyard&coutnry=caracas&fridge=ZG93bmxvYWR8cVU2Wm5GaU1YeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA&, is likely a download link for a malicious payload. No scripts were extracted, but the document's structure and content strongly suggest a phishing attempt to trick users into downloading malware disguised as cracked software.
Machine Learning
- Nyx PDF Classifier clean score 0.0280
Heuristics 3
- PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE): PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://evacdir.com/comedically.ZG93bmxvYWQgZmlyZWRhYyBkZWxwaGkgeGU0IGNyYWNrZG9?alkaloid=brickyard&coutnry=caracas&fridge=ZG93bmxvYWR8cVU2Wm5GaU1YeDhNVFkxTkRjNE1EYzROM3g4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA& (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00001c40.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C40 | 120352 bytes |

SHA-256: b4bd86f369fadf999a1bf3115a95e4b3a5c6df18e51465b5536b0fe5cd402d6c