Malicious PDF — malware analysis report

Static analysis result for SHA-256 d3efb8d638e70312…

MALICIOUS

PDF

Size: 81.2 KB
Created: 2022-06-09 05:23:20 +02:00
Authoring application: nelhek (via PDF Master 1.0.1)
First seen: 2026-06-21
MD5: acfbf38c2f31b857461f6cb7a734ea93
SHA-1: 9eb13730fac1f03910374f0a537f23b4b9a6a495
SHA-256: d3efb8d638e70312bcfffc66eefdd7aec0d2f4a912c8615b6fdbc101039d4bbc
Risk Score: 64

Machine Learning

  • Nyx PDF Classifier clean score 0.0128

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_002_off000014cb.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x14CB
Size: 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4