Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e47dae5dac5a635…

MALICIOUS

PDF

Size: 12.9 KB
Created: 2015-07-16 22:10:48 +04:00
Authoring application: DOMPDF
MD5: 64f52deaedd35d61b3917d55f3725d12
SHA-1: fb4995f8c6ee5df4dde30e6e4c604b24b9804e17
SHA-256: 1e47dae5dac5a635e95f57cdbfcfbf394260b848ee2f733bbddc17176428e0e8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a significant number of external links, indicative of a link farm. The embedded URLs suggest a tactic to drive traffic to various websites, potentially for SEO manipulation or to serve further malicious content. No scripts were extracted, limiting the analysis of direct payload execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8856

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.