PDF static analysis report

Static analysis result for SHA-256 c2e2f8a04b3a997d…

SUSPICIOUS

PDF

Size: 167.1 KB
Created: 2022-07-05 16:09:49 +00:00
Authoring application: oshdary (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: 414f3f28af2c36a0301f4d6922ccf170
SHA-1: a6f98bfe09bedf257a67cfbe90580857bee27d4e
SHA-256: c2e2f8a04b3a997db5faaeaca8d583d9657e1bbc3d96b43d18542234ef8e547b
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document triggers heuristics indicating that it advertises cracked software and embeds external URIs. One of the embedded URLs, http://evacdir.com/generalist.cargeenan?ZG93bmxvYWR8TUs1YTI5amZId3hOalUzTURNMk1qSXpmSHd5TlRjMGZId29UU2tnY21WaFpDMWliRzluSUZ0R1lYTjBJRWRGVGww=&homeopathy=&RmlmYSAyMgRml=starteaching, is flagged as suspicious and likely serves as a download link for a second-stage payload. The document's purpose appears to be social engineering users into visiting these sites.

Machine Learning

  • Nyx PDF Classifier clean score 0.0045

Heuristics (3)

  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/generalist.cargeenan?ZG93bmxvYWR8TUs1YTI5amZId3hOalUzTURNMk1qSXpmSHd5TlRjMGZId29UU2tnY21WaFpDMWliRzluSUZ0R1lYTjBJRWRGVGww=&homeopathy=&RmlmYSAyMgRml=starteaching PDF link annotation