Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0c589773d08252f…

MALICIOUS

PDF

Size: 116.3 KB
Created: 2022-07-04 00:56:26 +00:00
Authoring application: chalquyt (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: d4f291aa26ca88c0780e7073288b4e80
SHA-1: b89252acdd62c718bdeaf276643d44616c41c4c0
SHA-256: d0c589773d08252f8cf662e12fe90988000fd18206ee33b69ede7e32b8c44787
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link

The PDF contains a significant number of external links, with one heuristic specifically identifying it as a 'PDF_SEO_LINK_FARM'. The primary malicious URL extracted, http://blogbasters.com/bust.elsinore.luce/..., appears to be a download path. This suggests the document's purpose is to redirect users to potentially malicious content or facilitate further downloads.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0245

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://blogbasters.com/bust.elsinore.luce/ZG93bmxvYWR8NXF0TVdobmFYeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA/carvalho/Q2hhdDRFY2xpcHNlQ2h/