PDF static analysis report

Static analysis result for SHA-256 472205694e56befe…

SUSPICIOUS

PDF

Size: 85.1 KB
Created: 2016-12-26 18:41:50 +08:00
First seen: 2018-10-07
MD5: 24e5f70478d0065118e9c21e6ca1d0bd
SHA-1: 08c8b9774d5f6375ddfd856ece7436a8b1d35848
SHA-256: 472205694e56befe6ba027253607ee0b8c1c67a42cf48b97e209f77bd8e72d36
Risk Score: 32

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 2

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000ad99.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xAD99 | 19856 bytes
  SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120
font_01_sfnt_off0000e32b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE32B | 19964 bytes
  SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off000118ec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x118EC | 20828 bytes
  SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1