Malicious PDF — malware analysis report

Static analysis result for SHA-256 47b75e2d580e4905…

MALICIOUS

PDF

Size: 4.8 KB
Created: 2015-06-03 16:40:31 +03:00
Authoring application: DOMPDF
MD5: 8b20570ffd661595f66fe806842c16bd
SHA-1: a76e21f21811bc9bf18b73c340ef9cf20326869c
SHA-256: 47b75e2d580e49057ebd53b176cbe39c11a1363326a4ae416324f64a10260a1e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs are presented in a way that suggests a link farm or a method to drive traffic to various external sites, potentially for SEO manipulation or to host malicious content. The document body, though truncated, also contains these URLs and text related to financial trading, which could be a lure. No scripts were extracted from this sample.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.