PDF static analysis report

Static analysis result for SHA-256 4bf604afefac99bc…

SUSPICIOUS

PDF

Size: 84.9 KB
Created: 2016-12-26 19:12:31 +08:00
First seen: 2018-10-07
MD5: a2a27c9b571a4258c37e2d7931747212
SHA-1: 5d5c72cf46e36647e59264a9f6f0b6fea1c13d41
SHA-256: 4bf604afefac99bc3ceeb59f66bef6c914748bebcd3e88f59ea40447a713e72c
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm | medium | PDF_SEO_PHP_GATEWAY_LINK_FARM
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-phrase document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape: pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit; the risk is the linked destinations.
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_004_off0000aca4.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xACA4 | 19856 bytes | a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120 |
| font_01_sfnt_off0000e236.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE236 | 19964 bytes | 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
| font_02_sfnt_off000117f9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x117F9 | 20828 bytes | 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |