Malicious PDF — malware analysis report

Static analysis result for SHA-256 e160caf4353bb969…

MALICIOUS

PDF

138.3 KB Created: 2022-07-04 04:48:35 +00:00 Authoring application: xylblac (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 2e6e8cd5ea5cd2654c75583f7464d530 SHA-1: 7baf22403eabb4c900c62ef5293d51bde4a790e3 SHA-256: e160caf4353bb9693d7000119c841ae0b1ff740ebce0742e3806f42bfce9393e
74 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains multiple heuristics indicating it is a lure for cracked software, with embedded URLs pointing to potentially malicious sites. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic suggests the document may also be used to instruct users on how to access a password-protected archive, a common tactic to bypass security scanners. The primary malicious URL identified is http://emailgoal.com/...

Machine Learning

  • Nyx PDF Classifier clean score 0.0161

Heuristics 4

  • Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://emailgoal.com/U3VwZXJDb29sIFJhbmRvbSBOdW1iZXIgR2VuZXJhdG9yU3V/regale/agostino/condenses?ZG93bmxvYWR8SGYwTnpabGQzeDhNVFkxTmpnNU1qTTFNbng4TWpVM05IeDhLRTBwSUhKbFlXUXRZbXh2WnlCYlJtRnpkQ0JIUlU1ZA=proving=serous.trult.meekness PDF link annotation
    • https://social.arpaclick.com/upload/files/2022/07/ln4HI86cEUdAXU2kKIiJ_04_46f18aa4c33bfddcd7a1be495ad8ee07_file.pdfIn PDF document text
    • https://protected-stream-06902.herokuapp.com/iWatermark_Pro.pdfIn PDF document text
    • https://www.iltossicoindipendente.it/2022/07/04/gpu-computing-sdk-crack-free-latest-2022/In PDF document text
    • https://mighty-wave-57620.herokuapp.com/Mania_Column_Centering.pdfIn PDF document text
    • https://delicatica.ru/2022/07/04/flash-programming-utilities-crack-for-windows-latest/In PDF document text
    • https://www.nzangoartistresidency.com/glcd-tools-crack-free/In PDF document text
    • https://vasclanek.cz/wp-content/uploads/2022/07/MESH.pdfIn PDF document text
    • https://fierce-wildwood-86885.herokuapp.com/Sketch_Studio.pdfIn PDF document text
    • https://murmuring-ravine-18689.herokuapp.com/sarmar.pdfIn PDF document text
    • https://ursgift.com/video-watermarker-2-6-5-updated-2022/In PDF document text
    • https://alumbramkt.com/total-finger-crack/In PDF document text
    • https://afroworld.tv/upload/files/2022/07/IEh8o5Guj76mcrU5Zain_04_2cf5f7086757055cc7aee7c26fd5909a_file.pdfIn PDF document text
    • https://www.luminenergia.com/2022/07/04/hp-quicksync-5-0-0-crack-download-march-2022/In PDF document text
    • https://knowconhecimento.com/drm-converter-crack-activation-key-download/In PDF document text
    • https://foodonate.ch/wp-content/uploads/2022/07/Movie_Maker__Video_Editor.pdfIn PDF document text
    • https://www.mypolithink.com/advert/syncplify-me-notepad-1-0-10-50-keygen-for-lifetime-free-latest-2022/In PDF document text
    • https://boiling-plains-28579.herokuapp.com/Missing_Poster_Portable.pdfIn PDF document text
    • https://social.arpaclick.com/upload/files/2022/07/ln4HI86cEUdAXU2kKIiJ_04_46f18aa4c33bfddcd7a1bIn PDF document text
    • https://afroworld.tv/upload/files/2022/07/IEh8o5Guj76mcrU5Zain_04_2cf5f7086757055cc7aee7c26fdIn PDF document text
    • https://www.mypolithink.com/advert/syncplify-me-notepad-1-0-10-50-keygen-for-lifetime-free-In PDF document text
    • https://sulnifootsnasucxi.wixsite.com/blowatrija/post/moo0-video-converter-5-13-crack-32-64bitIn PDF document text
    • http://tadanga.yolasite.com/resources/DVDFab-Profile-Editor--Crack-Free-Updated-2022.pdfIn PDF document text
    • https://wakelet.com/wake/hXyllWxMRLTPszlA_jPM6In PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text
    • http://tadanga.yolasite.com/resources/dvdfab-profile-editor--crack-free-updated-2022.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.