PDF malware analysis — malicious · 18dd89a17f188936

MALICIOUS

PDF

4.6 KB Created: 2015-06-03 16:38:06 +03:00 Authoring application: DOMPDF

MD5: b10d7f93040f6bafbd22a1359c61d601 SHA-1: 5ad4e1f8f5977727ea02aecb2fbcb9640a404c90 SHA-256: 18dd89a17f1889368364f7d1fb956c7f69cb0fc029875ed1c5b1cfa565faebd6

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which are likely intended to direct users to malicious websites. The document body, while truncated, suggests a lure related to 'Bidvest bank investment options' and other financial topics to entice clicks. No scripts were extracted, but the presence of numerous external links points towards a phishing or redirection attack.

Machine Learning

Nyx PDF Classifier clean score 0.1457

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=1657
- http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=1510
- http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=449
- http://www.prequine.com/index.php?2015/torcida.pdf&fcldj=1&aspx=1519
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=704
- http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.