Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d008669704391bf…

MALICIOUS

PDF

  • Size: 12.5 KB
  • Created: 2015-07-16 23:45:44 +04:00
  • Authoring application: DOMPDF
  • MD5: a748537da38c4b7260b842fb02bc0d97
  • SHA-1: 71c2d15468b9c484748c387ab4a78c817053c79c
  • SHA-256: 3d008669704391bfa2447e68fbee255982680394dea39f0e03ff911c1e6207ab
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded URLs, indicative of a link farm. The primary attack pattern observed is the use of these numerous links, likely to direct users to malicious sites. No scripts were extracted, and the document body contained mostly obfuscated or irrelevant data.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.