Malicious PDF — malware analysis report

Static analysis result for SHA-256 d6320b053408935d…

MALICIOUS

PDF

Size: 125.5 KB
Created: 2022-07-04 04:10:15 +00:00
Authoring application: quaidel (via PDF Master 1.0.1)
First seen: 2022-07-15
MD5: cbfdcc07d86a65e871d41b55523438f0
SHA-1: 948e832f79a591f67f526b957b222943f547ce33
SHA-256: d6320b053408935dcc9ef548403c2aeedb72cf04b02ec1f7d8ccc9657eb3ed50
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of external links, a technique often used for SEO spam or to redirect users to malicious sites. The heuristic 'PDF_SEO_LINK_FARM' specifically flags this behavior, indicating a likely attempt to distribute malware or engage in phishing. No scripts were extracted, and the document body was heavily truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0083

Heuristics 3

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] PDF_URI: External URI
    PDF contains an external URL action
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.