PDF malware analysis — malicious · 08536a4e6c2a30ed

MALICIOUS

PDF

4.8 KB Created: 2015-06-03 16:39:37 +03:00 Authoring application: DOMPDF

MD5: 01f076f9f84e32adfe20c2a82f2f7f54 SHA-1: 42f188d5c7640b007c9d8628971c88e68fbce0fb SHA-256: 08536a4e6c2a30ed349e8622fe59bd0d46a83c04fd58ef79a27cd92c04451517

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These links appear to be part of a link farm designed to drive traffic to external websites, likely for SEO manipulation or to host malicious content. The document body contains text related to currency and stock trading, which serves as a lure to encourage users to click on the embedded links.

Machine Learning

Nyx PDF Classifier clean score 0.1434

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=703
- http://www.academiafutebolangola.com/index.php?2015/hmdeepfocus.pdf&audtr=1&aspx=1473
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=528
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=342
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2209
- http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.