PDF malware analysis — malicious · 3c407e52512bed4a

MALICIOUS

PDF

4.7 KB Created: 2015-06-03 17:00:52 +03:00 Authoring application: DOMPDF

MD5: e10477bdee110afa69bdc294d7f4afd2 SHA-1: 0929a930b63214b6982376e532ab59cdfa2c6030 SHA-256: 3c407e52512bed4a3c971a854f10df399b399e1b6a9ae713f9adea329ce05e51

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded links designed to mimic SEO-optimized content, directing users to various external websites. The heuristic PDF_SEO_LINK_FARM indicates a deliberate attempt to create a link farm, likely to redirect users to malicious content or phishing sites. The document body contains text related to stock trading, which may be a lure to disguise the malicious intent. No scripts were extracted from this sample.

Machine Learning

Nyx PDF Classifier clean score 0.1457

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.tstp.tv/index.php?2015/sliding.pdf&fjzfq=1&aspx=535
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2051
- http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=350
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=1480
- http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=2126
- http://veranomusical.es/index.php?2015/booboodigital.pdf&ieycq=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.