PDF malware analysis — malicious · 0c6a4c52e854e5a5

MALICIOUS

PDF

4.3 KB Created: 2015-06-03 17:00:28 +03:00 Authoring application: DOMPDF

MD5: 89c2510055a581356201f3d8abd25b91 SHA-1: 048d4f31b916bd9853d0a8af3112e2f96ac3e403 SHA-256: 0c6a4c52e854e5a531ef865a91aa25423c42f1d69c739ada1f4cc4d9fa7ba4f1

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified as a 'PDF_SEO_LINK_FARM' heuristic. The document body, while containing text related to forex trading, also includes these links, suggesting a potential lure to SEO-abused content or malicious websites. No scripts were extracted, but the presence of numerous URLs points towards a link-farming or redirection attack. The ML classifier also flagged the document as malicious.

Machine Learning

Nyx PDF Classifier malicious score 0.5447

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=2160
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=1444
- http://arquiteturaemarketing.com.br/index.php?2015/endurancelab.pdf&hjlcw=1&aspx=381
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=1526
- http://www.chateauderaousset.com/index.php?2015/assets.pdf&iukpl=1&aspx=229
- http://veranomusical.es/index.php?2015/booboodigital.pdf&ieycq=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.