Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5df3d388359db91…

MALICIOUS

PDF

119.1 KB
Created: 2022-07-17 01:50:54 +00:00
Authoring application: yelavij (via PDF Master 1.0.1)
First seen: 2026-06-28
MD5: 7452730039e32c1f6d335e064b684727
SHA-1: 9515bd79a586f6ae9998f2dfcef5d57c0332d58a
SHA-256: c5df3d388359db9158c8c7fd942fce4834b6563e8f15be33639f4543e47c8964
Risk Score: 72

Machine Learning

  • Nyx PDF Classifier clean score 0.0011

Heuristics 4

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00002a59.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A59 | 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off0000b245.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB245 | 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261