Malicious PDF — malware analysis report

Static analysis result for SHA-256 d3e35c2822c964c3…

MALICIOUS

PDF

Size: 121.6 KB
Created: 2022-07-27 12:37:23 +00:00
Authoring application: sahvyedy (via PDF Master 1.0.1)
First seen: 2026-06-21

MD5: 412628188e5966574074aad22b4214d2
SHA-1: 7ef7c04fb8e62f9da2eaf41e380bfb2886732d37
SHA-256: d3e35c2822c964c3821d4ee63f488e9ce66854bfffef59583091c2d745ef11ff

Risk Score: 174

Machine Learning

  • Nyx PDF Classifier clean score 0.0006

Heuristics 6

  • PDF link points directly to executable/archive payload (critical, PDF_DIRECT_PAYLOAD_LINK)
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Clickable URI points to raw IP address (medium, PDF_URI_IP_LITERAL)
    PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
  • PDF link farm advertises cracked/pirated software (medium, PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.