Malicious PDF — malware analysis report

Static analysis result for SHA-256 eccffcff9d896e8e…

MALICIOUS

PDF

Size: 526.9 KB
Authoring application: https072057057www056latestcram056com057800055150055exam055cram055questions056html
First seen: 2026-06-10
MD5: 8699a88be00974f07347f2a4e2c6a05b
SHA-1: 50dd682dcd180b8ae56697926fa47eb3560c9052
SHA-256: eccffcff9d896e8e197df719d3255e3ae3a5626e391fc525c02bc4086038c508
Risk Score: 80

Machine Learning

  • Nyx PDF Classifier clean score 0.0046

Heuristics 4

  • Clipboard command execution lure (severity: high, rule: SE_CLIPBOARD_COMMAND_LURE)
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: low, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://www.latestcram.com/800-150-exam-cram-questions.html [In PDF document text]
    • http://www.suivil.ro/?s=cisco%20800-150%20valid%20torrent%20spend%20your%20little%20time%20and%20energy%20to%20pass%20800-150%20exam%20%25f0%259f%2590%2586%20search%20for%20%25e2%259e%25a0%20800-150%20%25f0%259f%25a0%25b0%20and%20easily%20obtain%20a%20free%20download%20on%20%7b%20www.pdfvce.com%20%7 [In PDF document text]
    • https://drive.google.com/open [PDF link annotation]
    • https://drive.google.com/open?id=17jj8I6Trd7nLXEP7aYD6NgjIUT-JkyGI [PDF link annotation]
    • http://en.wikipedia.org/wiki/MIT_License [In PDF document text]

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_002_off0000457a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x457A | 24972 bytes
    SHA-256: ff51577d2d1067a88a9b9f43db68000f1e344952a73d43c579bbb2f012db5032
font_00_sfnt_off000016b4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16B4 | 22024 bytes
    SHA-256: 5228cb9780de369b913b0a9e82c95cc4af28c4805c0b304ddd6abf6191275699
font_02_sfnt_off0007f2fb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F2FB | 3784 bytes
    SHA-256: bb4e6dea0df43ae8633cb841fbe19db20c42607f159f47d1fc734f96862cb06d
font_03_sfnt_off0008134c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8134C | 2572 bytes
    SHA-256: c6277a08b0641a5d6d996c0ef20b370f9cf6fc92ed1d91fba384e9ed56dc8b7f