Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4559a779993d586…

MALICIOUS

PDF

Size: 122.2 KB
Created: 2022-07-17 02:43:49 +00:00
Authoring application: lisquyn (via PDF Master 1.0.1)
First seen: 2026-07-01
MD5: b8fb0b855146e4af95f58cf4e6785571
SHA-1: bc8a27be635bc2a2e592432951c330475343500e
SHA-256: e4559a779993d586735d6e1d99def12e87633c2b9d6997e5da9e5767f83c1405
Risk Score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0010

Heuristics 5

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Cracked-software lure uses download-gateway redirectors (severity: high, rule: PDF_CRACKED_SOFTWARE_REDIRECTOR_LINK_FARM)
    PDF contains multiple cracked-software/keygen/serial-key lure links together with long encoded download-gateway URLs or known crack-download redirector hosts. This is stronger than generic piracy vocabulary: the document is an SEO lure that funnels users through redirect/download infrastructure commonly used for adware, unwanted software, or droppers.
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00002cf0.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x2CF0
    Size: 84508 bytes
    SHA-256: 2b7ba551bea82cc3307397981c1dbeb1b78486f95f2eb14e5e58d4e1b24edb0c
  • font_01_sfnt_off0000b4dc.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB4DC
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261