Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9922f3957cc71c0…

MALICIOUS

PDF

File size: 133.0 KB
Created: 2022-09-09 08:05:51 +00:00
Authoring application: javlaur (via PDF Master 1.0.1)
First seen: 2026-06-13
MD5: 63db77e9e3f9734baa5673ad25785ff1
SHA-1: 685b63a2019b4cdabe71ea88bed908e7c0cdcf1c
SHA-256: f9922f3957cc71c0791afd48aa6b166ba0c9eed6f9fa0b5331d00ede4e9f9e9d
Risk score: 134

Machine Learning

  • Nyx PDF Classifier clean score 0.0007

Heuristics 5

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff (severity: high, rule: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • PDF link farm advertises cracked/pirated software (severity: medium, rule: PDF_CRACKED_SOFTWARE_LURE)
    PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_010_off000199fa.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x199FA
Size: 119072 bytes
SHA-256: df221e87b81d1531cafdadb6c09a602e9f604d1baf0a17bbd350cbb83baa06f7