PDF static analysis report

Static analysis result for SHA-256 3c8c5ab053c9a44a…

SUSPICIOUS

PDF

Size: 88.4 KB
Created: 2016-12-26 16:19:45 +08:00
First seen: 2018-10-07
MD5: 1c8838e407738bc4c85196c9f26c0a59
SHA-1: ac2718835f429bd401ad2c1aef575db90fd8b3a6
SHA-256: 3c8c5ab053c9a44a47612ede3e0a35d99c3a2b596246dbbd6d5998c2dd839963
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics (3)

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • stream_004_off0000b98f.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0xB98F
    Size: 20248 bytes
    SHA-256: 5641958373da137ddc56674ca2af3b239d8aa32de81006123ec8e2b2e7759e76
  • font_01_sfnt_off0000f035.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF035
    Size: 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
  • font_02_sfnt_off000125fa.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x125FA
    Size: 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1