Malicious PDF — malware analysis report

Static analysis result for SHA-256 f18d0cdf7edf3b4b…

MALICIOUS

PDF

87.2 KB
Authoring application: https072057057www056practicematerial056com057NISM055Series055VII055exam055materials056html
First seen: 2026-06-10
MD5: a81e5b881bffb4389d6556e629375d5f
SHA-1: 3cfa6aded9f74d7e5a8649fa24b554920d861e13
SHA-256: f18d0cdf7edf3b4ba86fc91f11b929ce3dde841deb39de2da246ada4a7e902f8
Risk Score: 80

Machine Learning

  • Nyx PDF Classifier clean score 0.0199

Heuristics 4

  • Browser extension / update installation lure | high | SE_BROWSER_INSTALL_LURE
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • PDF link farm advertises cracked/pirated software | medium | PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI | low | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL | Source
    • https://www.practicematerial.com/NISM-Series-VII-exam-materials.html | In PDF document text
    • https://oopt22.ru/?s=certification%20nism-series-vii%20book%20torrent%20%25f0%259f%2594%25b3%20nism-series-vii%20exams%20training%20%25f0%259f%258d%25b5%20exam%20dumps%20nism-series-vii%20pdf%20%25f0%259f%258d%25b8%20search%20for%20%7b%20nism-series-vii%20%7d%20and%20easily%20obtain%20a%20free%20dow | In PDF document text
    • https://drive.google.com/open | PDF link annotation
    • https://drive.google.com/open?id=1D7IVqFfgLcvtVwRidnRjT3jDNg8S7Ir0 | PDF link annotation
    • http://en.wikipedia.org/wiki/MIT_License | In PDF document text

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000179b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x179B | 21796 bytes
  SHA-256: 3ac82716fe99e4b2fc3d9b9c93157093b5803ee5c853034270c91a52303c4c0e
font_01_sfnt_off000045d6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x45D6 | 23992 bytes
  SHA-256: 79ac9215749d473ef7f730fe99c08987d54887844bc802f854a59c9679350888
font_02_sfnt_off00011253.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11253 | 2548 bytes
  SHA-256: 2947dc93e3b396cb10746e35e3d40709980ca0a6090f8198341f00ffa849092c
font_03_sfnt_off00011b85.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11B85 | 4712 bytes
  SHA-256: c6bb4fb8148950a9a2ae261f114c000f7a5baa05be9cde190d81d51f41380361