PDF static analysis report

Static analysis result for SHA-256 347538bde9402c13…

SUSPICIOUS

PDF

Size: 103.7 KB
Created: 2018-06-11 09:32:05 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-08-25
MD5: fc328fbd11fb924fe6e20aeac9d805d0
SHA-1: 309709d3c1a21c0322f09d3cb5d3276b1b588f74
SHA-256: 347538bde9402c13dbf9e90090626aae00953c08c23d3e4970b653be4d399e7c
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.1026

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium; rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure (severity: low; rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000140ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x140EE | 15344 bytes
    SHA-256: e169fbcdd551987e6c39b80152df794fd0089ca663ffb4ed91e1402909819f48
font_01_sfnt_off00016f15.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16F15 | 9912 bytes
    SHA-256: e4321b9168492da5b7f7b7f4b299f3393f0809fd8d719a8a2f797e768dd6eaf9