Malicious PDF — malware analysis report

Static analysis result for SHA-256 58d03444e83107b5…

MALICIOUS

PDF

Size: 13.0 KB | Created: 2015-07-15 14:41:36 +04:00 | Authoring application: DOMPDF
MD5: 2cb455b30e1b3439961fdb08bb33526a
SHA-1: e16cc0ce7a2b2c7dfb733420f0d4bb3af7696123
SHA-256: 58d03444e83107b54d5e816322764da886078e4c12167ef90454606608c41adc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a significant number of embedded external links, characteristic of a link farm. The primary purpose appears to be directing users to a multitude of websites, likely for SEO poisoning or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8838

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.