Malicious PDF — malware analysis report

Static analysis result for SHA-256 d310bd70cad60794…

MALICIOUS

PDF

Size: 112.5 KB
Created: 2022-11-21 21:27:38 +00:00
Authoring application: kaealyc (via PDF Master 1.0.1)
First seen: 2026-06-10
MD5: 2b66d954def53bea555bf3d8ac99adfd
SHA-1: 3ff72c5fc90019fb031eae9954dc797779b15ac4
SHA-256: d310bd70cad6079444b366ebf4b5442f5ab99d6bd4b67867b15e2a9593886f5a
Risk Score: 94

Machine Learning

  • Nyx PDF Classifier clean score 0.0014

Heuristics 4

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00001581.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1581 | 84508 bytes
  SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
font_01_sfnt_off00009d6d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D6D | 83036 bytes
  SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261