PDF static analysis report

Static analysis result for SHA-256 f74d52d42426b761…

SUSPICIOUS

PDF

134.5 KB Created: 2022-06-09 23:30:27 +02:00 Authoring application: torrkal (via PDF Master 1.0.1) First seen: 2022-07-15
MD5: 0a7f276db20c4c4f56b97859a27d6370 SHA-1: 0e13c53d38a8da493eae4f7efd6a57b6d2f65355 SHA-256: f74d52d42426b761e2ac5faee2f9327ea49ca933f881cb552a571721a0f1c38c
34 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0085

Heuristics 3

  • PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://evacdir.com/spectator/appetiser.garageband.ZG93bmxvYWR8V2U3Wm5wbU0zeDhNVFkxTkRjNE1EYzROM3g4TWpVNE4zeDhLRTBwSUVobGNtOXJkU0JiUm1GemRDQkhSVTVk/SW5QYWdlIFBybyAzLjA2IENyYWNrIFZlcnNpb24gKEZ1bGx5IFdvcmtpbmcpLmV4ZQSW5/lateral/touched PDF link annotation
    • https://movingservices.us/index.php/2022/06/09/frontofficefootballeightcrackserialkey-_verified_/In PDF document text
    • https://morning-headland-77045.herokuapp.com/jamsamp.pdfIn PDF document text
    • http://www.rosesebastian.com/2022/06/09/cisco-cucm-callmanager-9-1-1-10000-11-sgn-bootable-iso-4-56-gb-upd/In PDF document text
    • https://sheltered-meadow-27042.herokuapp.com/solucionario_de_ecuaciones_diferenciales_dennis_zill_9_edici.pdfIn PDF document text
    • https://limitless-river-53499.herokuapp.com/RedFox_AnyDVD_HD_8160_Final_Patch_CracksNow_Download.pdfIn PDF document text
    • https://ipayif.com/upload/files/2022/06/XbZyrbOZMiV6KiksGcIX_09_b775c8634f77537a70ddfc69b6fa02dd_file.pdfIn PDF document text
    • https://whispering-brushlands-97849.herokuapp.com/rafjam.pdfIn PDF document text
    • http://pixelemon.com/vector-works-2016-crack-23-link/In PDF document text
    • https://frozen-taiga-35029.herokuapp.com/wilben.pdfIn PDF document text
    • https://fathomless-garden-01096.herokuapp.com/fatiha_ka_tarika_pdf_18.pdfIn PDF document text
    • https://lit-headland-39105.herokuapp.com/ugoarn.pdfIn PDF document text
    • https://secret-wildwood-45492.herokuapp.com/pcmscan_v2_4_12_keygen_717.pdfIn PDF document text
    • https://colonialrpc.com/advert/adobe-acrobat-xi-pro-11-0-27-patch-rar-exclusive/In PDF document text
    • https://one97.online/advert/celebrity-model-escort-in-ghaziabad/In PDF document text
    • https://pure-sierra-15197.herokuapp.com/marglo.pdfIn PDF document text
    • https://nadinarasi.com/?p=6118In PDF document text
    • http://www.7daystobalance.com/advert/lxk-proteus-7-10-sp0-eng-v1-0-0-exe/In PDF document text
    • https://dogrywka.pl/catia-v5r21-free-crack-jsogroup-dll-r/In PDF document text
    • https://www.raven-guard.info/el-rio-wade-davis-pdf-2/In PDF document text
    • https://efekt-metal.pl/witaj-swiecie/In PDF document text
    • http://www.tcpdf.orgIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://www.aiim.org/pdfa/ns/extension/In PDF document text
    • http://www.aiim.org/pdfa/ns/schema#In PDF document text
    • http://www.aiim.org/pdfa/ns/property#In PDF document text
    • http://www.aiim.org/pdfa/ns/id/In PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00001440.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1440 120140 bytes
SHA-256: a217f12862e0ff75203bdd4136ca0d68471050be46bb09aed5306898926ffdd4