PDF malware analysis — malicious · 02eb2539c13b9b58

MALICIOUS

PDF

5.1 KB Created: 2015-06-03 16:39:48 +03:00 Authoring application: DOMPDF

MD5: b16f37f161d6dca9904b2600914112b5 SHA-1: 8cddfa4e2067f9614c6e52fb5799acf32df4dfc4 SHA-256: 02eb2539c13b9b58bf1f144dd8dadc265065382095903f3d14376dc8467011f9

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various external websites, suggesting a potential attempt to redirect users or manipulate search engine results. No scripts were extracted, but the presence of embedded URLs and the nature of the heuristic indicate a likely phishing or SEO-based attack vector.

Machine Learning

Nyx PDF Classifier clean score 0.1330

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.academiafutebolangola.com/index.php?2015/hmdeepfocus.pdf&audtr=1&aspx=292
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=1037
- http://www.academiafutebolangola.com/index.php?2015/hmdeepfocus.pdf&audtr=1&aspx=1851
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2266
- http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=1559
- http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.