PDF static analysis report

Static analysis result for SHA-256 3cb553e2b821ddd1…

CLEAN

PDF

Size: 82.1 KB
Created: 2017-01-07 05:54:00 +08:00
First seen: 2018-10-07
MD5: 4f5b9eef6dc38bde4e881260a6a76d45
SHA-1: 54559f3f480a405a92c95ca9128dcc3f9fd6f13a
SHA-256: 3cb553e2b821ddd10cb45ce554324e074ce3e1b099d6a5d95d875802d75329e8
Risk Score: 24

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • Clickable URI points to raw IP address (medium, PDF_URI_IP_LITERAL)
    PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_004_off0000a115.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0xA115
    Size: 19964 bytes
    SHA-256: 618b8df44c027594b3bdd437456ce4ae24e59e497af293138299ddb07ed3f52c
  • font_01_sfnt_off0000d70b.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xD70B
    Size: 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
  • font_02_sfnt_off00010cce.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10CCE
    Size: 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1