PDF static analysis report

Static analysis result for SHA-256 3e4a3366d41e95cb…

SUSPICIOUS

PDF

109.3 KB
Created: 2018-06-11 09:08:05 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-09-04
MD5: 9f9fe5f4aa60081223c1125f860fd5fa
SHA-1: 5fcaca6d892c2ffd44f3f7e6b81e7452e1b41fe5
SHA-256: 3e4a3366d41e95cba4e0de4709f86e3bd5e9d59bc1019fd5b9a603b05cbc5e0a
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.0512

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm [medium] PDF_SEO_PHP_GATEWAY_LINK_FARM
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0001572a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1572A | 15608 bytes
  SHA-256: 3c6b4cc930fce2516c1185d24ab2f9b9dab2c04f6624b97644f1fd179528187a
font_01_sfnt_off00018685.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18685 | 8976 bytes
  SHA-256: 1fef24a1bd786b13854d8ff02ddbaff38125dd3ff6f17cd8d2318b03dc581916