Malicious PDF — malware analysis report

Static analysis result for SHA-256 e86019d5658c2d5d…

MALICIOUS

PDF

Size: 133.3 KB
Created: 2022-07-02 12:22:44 +00:00
Authoring application: jananic (via PDF Master 1.0.1)
First seen: 2026-05-27
MD5: 8e4c9ca4b9974229e02b5d48a3789aa8
SHA-1: d73e5b10dbe8adba0f3455b20dc220708fd72640
SHA-256: e86019d5658c2d5d3133eeee4b0d4114d7cb1cafc18ecd252474b50efdd6311f
Risk Score: 104

Machine Learning

  • Nyx PDF Classifier: clean score 0.0005

Heuristics 4

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff (severity: high, rule: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://raisengine.com/hobbies/lifting/V2VsY29tZSAyIEthcmFjaGkgZnVsbCBtb3ZpZSBkb3dubG9hZCBpbiBoaW5kaSBoZAV2V=consist/ZG93bmxvYWR8eHIxWm5jMllYeDhNVFkxTmpjeE1qTXdOWHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA=stratign/waterholes=bolstering PDF link annotation

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_013_off0001a561.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x1A561
    Size: 119072 bytes
    SHA-256: df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7
  • font_00_sfnt_off000029b8.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x29B8
    Size: 84552 bytes
    SHA-256: 22b397d91839f1c1b9e231b774e92bbab07f4cf05d174bb6afcadac449fb8a8e
  • font_01_sfnt_off0000b1c8.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB1C8
    Size: 83036 bytes
    SHA-256: 6d13e73e85a502a13969f6a5eaecd0b275a0868c045f80b7d64ed55d70678261