Malicious PDF — malware analysis report

Static analysis result for SHA-256 461489831b41010b…

MALICIOUS

PDF

Size: 13.0 KB
Created: 2015-07-15 05:54:20 +04:00
Authoring application: DOMPDF
MD5: 7bbb363a8a605f458aebdafc67ee73cc
SHA-1: 87dd96ed2823a0ce6d67afe4893384161a8ae149
SHA-256: 461489831b41010be5370f8f07ea29cb13b8930d705a9c7eb0082a45478c839c
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, indicative of a link farm. The primary heuristic firing, PDF_SEO_LINK_FARM, confirms the presence of numerous external links, with the first identified URL being http://primetimerecords.com/index.php?article=428.1&cvsqx=1&pdf=428. This suggests the document's purpose is to redirect users to a variety of websites, potentially for SEO manipulation or to serve as a distribution point for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8943

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.