PDF static analysis report

Static analysis result for SHA-256 47a265cff8b65b86…

SUSPICIOUS

PDF

  • Size: 87.6 KB
  • Created: 2016-12-26 16:00:31 +08:00
  • First seen: 2018-10-07
  • MD5: aed8b2df96f083c7c123b333f8f3b3f2
  • SHA-1: 0597b0e233b099dd8f8663c6967f70e69e39c812
  • SHA-256: 47a265cff8b65b8699a030a682cbfbfb5a8f491a49403863c30a4c2e5880b663
  • Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-phrase document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape: pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit; the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://dubaipropertyrentals.net/perhapsactual/momentfield.php/k_eoJGxtshJktoassxba16204250z.pdf (PDF link annotation)

Extracted artifacts 3

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_004_off0000b6d9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB6D9 | 20048 bytes | 8102ba41f631ba0c53f07776fdb959fcab33ed88de727001484707b53991b79a |
| font_01_sfnt_off0000ed0f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED0F | 19964 bytes | 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
| font_02_sfnt_off000122d4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x122D4 | 20828 bytes | 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |