Malicious PDF — malware analysis report

Static analysis result for SHA-256 48648fc02943bbb7…

Verdict: MALICIOUS
File type: PDF
Size: 6.1 KB
Created: 2015-06-04 18:30:36 +04:00
Authoring application: DOMPDF
First seen: 2015-06-09
MD5: 13ac888f04dcd03c5b9335fd8b09bb01
SHA-1: 3ecd29130d7e6436acb8379b60bae799bf393e64
SHA-256: 48648fc02943bbb7a46f48ea05e496dc9e58493d29169dd4ed717a7a235c1640
Risk score: 72

Machine Learning

  • Nyx PDF Classifier: clean, score 0.1550

Heuristics (3)

  • Clipboard command execution lure (severity: high) SE_CLIPBOARD_COMMAND_LURE
    The document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context.
  • PDF carries a PHP-gateway SEO-spam link farm (severity: medium) PDF_SEO_PHP_GATEWAY_LINK_FARM
    The PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-phrase document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents are addressed by a filename or a numeric id, not by a search-query phrase, so this is the shape of a generated SEO link farm: pharma, binary-options or 'free download' spam that ranks for those queries and routes visitors into redirect or payload chains. The PDF itself carries no exploit; the risk lies in the linked destinations.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://medicareplansusa.com/index.php?wiki/04/06/2015/enetspark/binary+options+20+minimum+deposit.pdf&chnqc=1&news=1401 (In PDF document text)
    • http://www.fonology.it/index.php?wiki/04/06/2015/couponpress/binary+metatrader.pdf&qktyx=1&news=2841 (In PDF document text)
    • http://www.giocattolilucchi.it/index.php?wiki/04/06/2015/boltpartner/binary+options+zero+risk+strategy+pdf.pdf&hgnwf=1&news=618 (In PDF document text)
    • http://vintanesia.com/index.php?wiki/04/06/2015/storefronttt/binary+options+777.pdf&npqdc=1&news=301 (In PDF document text)
    • http://festivalstemadeleine.com/index.php?wiki/04/06/2015/globalnhatrang/mt4+to+binary+options.pdf&ozknt=4&news=2587 (In PDF document text)
    • http://herbalshop.com.ua/index.php?wiki/04/06/2015/ephototheme/binary+option+in+malaysia.pdf&cahug=1&news=1312 (In PDF document text)
    • http://www.supermaraton.eu/index.php?wiki/04/06/2015/housepop/binaryoptionstradingguide.com.pdf&owutp=1&news=sitemap (In PDF document text)
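As an added worked example (not part of the original report and not the scanner's own code), the following Python implements the PDF_SEO_PHP_GATEWAY_LINK_FARM shape check over the seven URLs listed above, and a minimal channel attribution (link annotation vs. document text) over a constructed, uncompressed PDF fragment. The benign example.org URLs, the example.com path built from the heuristic's own illustrative slug, the regexes and the choice of word separators are assumptions of this example; the four-link threshold is the one stated in the heuristic text.

```python
import re
from urllib.parse import urlsplit, unquote

# --- Constructed inputs -------------------------------------------------------
# The seven URLs listed in the report above, plus constructed benign controls
# (example.org) of the kind a PHP-served document might legitimately use.
REPORT_URLS = [
    "http://medicareplansusa.com/index.php?wiki/04/06/2015/enetspark/binary+options+20+minimum+deposit.pdf&chnqc=1&news=1401",
    "http://www.fonology.it/index.php?wiki/04/06/2015/couponpress/binary+metatrader.pdf&qktyx=1&news=2841",
    "http://www.giocattolilucchi.it/index.php?wiki/04/06/2015/boltpartner/binary+options+zero+risk+strategy+pdf.pdf&hgnwf=1&news=618",
    "http://vintanesia.com/index.php?wiki/04/06/2015/storefronttt/binary+options+777.pdf&npqdc=1&news=301",
    "http://festivalstemadeleine.com/index.php?wiki/04/06/2015/globalnhatrang/mt4+to+binary+options.pdf&ozknt=4&news=2587",
    "http://herbalshop.com.ua/index.php?wiki/04/06/2015/ephototheme/binary+option+in+malaysia.pdf&cahug=1&news=1312",
    "http://www.supermaraton.eu/index.php?wiki/04/06/2015/housepop/binaryoptionstradingguide.com.pdf&owutp=1&news=sitemap",
]
BENIGN_URLS = [  # constructed: filename or numeric id after the gateway, not a phrase
    "http://example.org/download.php?id=4821",
    "http://example.org/get.php?file=annual_report.pdf",
    "http://example.org/docs.php/report.pdf",
    "http://example.org/files/invoice-2015.pdf",
]

# A .php script component in the path, followed by end-of-path, '/' or '?'.
GATEWAY_RE = re.compile(r"\.php(?=[/?]|$)", re.IGNORECASE)
# The segment right before ".pdf", terminated by end, '&', '?', '#' or '/'.
SLUG_RE = re.compile(r"([^/?&=#]+)\.pdf(?=$|[&?#/])", re.IGNORECASE)
# Search-engine style word separators. '_' is deliberately NOT one, so that an
# ordinary filename such as annual_report.pdf stays a single token.
WORD_SEP_RE = re.compile(r"[+\-\s]+")
LINK_FARM_MIN_LINKS = 4  # threshold stated in the heuristic text


def phrase_slug(url):
    """Return the decoded search phrase if `url` has the link-farm shape
    (.php gateway, then a multi-word slug ending in .pdf), else None."""
    parts = urlsplit(url)
    gate = GATEWAY_RE.search(parts.path)
    if not gate:
        return None
    # Everything after the gateway, whether it sits in the path or the query string.
    target = parts.path + ("?" + parts.query if parts.query else "")
    tail = target[gate.end():]
    slug = SLUG_RE.search(tail)
    if not slug:
        return None
    words = [w for w in WORD_SEP_RE.split(unquote(slug.group(1))) if w]
    if len(words) < 2 or not any(w.isalpha() for w in words):
        return None  # a filename or numeric id, not a query phrase
    return " ".join(words).lower()


def seo_php_gateway_link_farm(urls):
    """Apply PDF_SEO_PHP_GATEWAY_LINK_FARM: fires when at least LINK_FARM_MIN_LINKS
    distinct URLs carry a search-phrase slug behind a .php gateway.
    Returns (fired, {url: phrase})."""
    hits = {}
    for url in dict.fromkeys(urls):  # de-duplicate, keep order
        phrase = phrase_slug(url)
        if phrase:
            hits[url] = phrase
    return len(hits) >= LINK_FARM_MIN_LINKS, hits


# --- Channel attribution on raw, uncompressed PDF bytes ------------------------
# A link annotation names its target in an /A << /S /URI /URI (...) >> action;
# body text shows a URL as the string operand of a Tj operator. Both regexes
# only see uncompressed objects: FlateDecode streams must be inflated first.
URI_ANNOT_RE = re.compile(rb"/URI\s*\((https?://[^)\s]+)\)")
TEXT_TJ_RE = re.compile(rb"\((https?://[^)\s]+)\)\s*Tj")

SAMPLE_PDF = (  # constructed, uncompressed fragment; not a complete, valid PDF
    b"%PDF-1.4\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 690 400 710]\n"
    b"   /A << /S /URI /URI (" + REPORT_URLS[1].encode() + b") >> >>\nendobj\n"
    b"5 0 obj\n<< >>\nstream\n"
    b"BT /F1 10 Tf 50 700 Td (" + REPORT_URLS[3].encode() + b") Tj ET\n"
    b"endstream\nendobj\n"
)


def extract_urls(pdf_bytes):
    """Return [(channel, url), ...]; channel is 'link annotation' or 'document text'."""
    found = [("link annotation", m.group(1).decode("latin-1")) for m in URI_ANNOT_RE.finditer(pdf_bytes)]
    found += [("document text", m.group(1).decode("latin-1")) for m in TEXT_TJ_RE.finditer(pdf_bytes)]
    return found


if __name__ == "__main__":
    fired, hits = seo_php_gateway_link_farm(REPORT_URLS + BENIGN_URLS)
    print("PDF_SEO_PHP_GATEWAY_LINK_FARM:", "FIRED" if fired else "clean")
    for url, phrase in hits.items():
        print(f"  {phrase!r:45} <- {url}")
    for channel, url in extract_urls(SAMPLE_PDF):
        print(f"  [{channel}] {url}")
```

Six of the seven report URLs match the shape; the seventh, with the single-token slug `binaryoptionstradingguide.com.pdf`, does not, which is why the rule counts distinct matching links against a threshold rather than requiring every link to match. On a real sample the byte-level channel regexes are only the last step: content streams are normally FlateDecode-compressed and must be inflated, and text may be split across several Tj/TJ operands, so a PDF parser should feed the extracted strings and annotation dictionaries into `phrase_slug` rather than the raw file.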