Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d702a0c59f57b94…

Verdict: MALICIOUS
File type: PDF

Size: 6.9 KB
Created: 2015-06-04 18:28:45 +04:00
Authoring application: DOMPDF
MD5: 709332dc1dfa3c00921ce073406b2cc4
SHA-1: 751e2e96c6b403a58776aa7e9e53bc05bca9468a
SHA-256: 5d702a0c59f57b94253b16fcf79191d2e491902f9cefe15d5ff87a554bdf1b9a
Risk Score: 74

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The document body matches an advance-fee lure pattern (lottery/beneficiary language, large-value draft/funds wording, parcel/courier delivery requirements), while all seven extracted URLs point at binary-options pages. Every URL carries the path component 04/06/2015, which in day/month order is the same day as the document's creation timestamp (2015-06-04), and the URLs are spread across seven unrelated domains; that is consistent with one coordinated campaign rather than a single landing page. The carved JavaScript stream (7,087 bytes decompressed) was not fully analyzed in this run (the report cites its size), so its behaviour is unconfirmed. Given the URL set, its most likely role is redirecting the viewer to one of those pages, but that should be verified by reading the decoded stream rather than assumed.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5203

Heuristics (3)

  • Advance-fee lottery/parcel scam lure (severity: high) SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels say which channel (macro, JS, link annotation, document body, ...) reached each URL. Those labels are not reproduced in this extract, so which of the seven URLs below came from the /URI action and which from the JavaScript stream is not recorded here.
    • http://www.bluematters.be/index.php?wiki/04/06/2015/celebnetworth/binary+options+u+s+based.pdf&jjvup=1&news=338
    • http://supplementalsounds.com/index.php?wiki/04/06/2015/genesis/binary+options+hedging.pdf&acwco=2&news=1947
    • http://www.etiket.es/index.php?wiki/04/06/2015/naturalcare/binary+options+japan+regulation.pdf&jzyti=1&news=2055
    • http://www.tubeconect.de/index.php?wiki/04/06/2015/wellness/binary+options+millionaires.pdf&fruxa=1&news=1826
    • http://caskaeliteaudio.com.br/index.php?wiki/04/06/2015/pandrade/binary+options+formula.pdf&qdvaj=1&news=2775
    • http://www.arawakhotelstcroix.com/index.php?wiki/04/06/2015/newstime/what+is+a+binary+options+trading+system.pdf&jduqg=3&news=315
    • http://www.supermaraton.eu/index.php?wiki/04/06/2015/housepop/binaryoptionstradingguide.com.pdf&owutp=1&news=sitemap
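The SE_ADVANCE_FEE_SCAM_LURE heuristic above is a co-occurrence rule over the document text: prize language, a large-value funds signal and a delivery requirement must all appear. The following is an added example written for this report, not the analysis platform's own rule. The term lists, the 100,000 "large-value" threshold and the all-three-groups requirement are assumptions, and the three sample texts are constructed.

```python
import re

# Term groups transcribed from the heuristic description above. The vocabulary,
# the LARGE_VALUE threshold and the all-three-groups rule are this example's
# assumptions, not the vendor's actual heuristic.
LURE_GROUPS = {
    "prize":    r"\b(?:lottery|lotto|beneficiary|prize|winner|winning|award)\b",
    "funds":    r"\b(?:bank\s+draft|certified\s+draft|cashier'?s\s+cheque|funds|sum\s+of)\b",
    "delivery": r"\b(?:parcel|courier|consignment|delivery\s+(?:fee|charge)|shipping\s+fee|clearance\s+fee)\b",
}
# Currency amounts with thousands separators, e.g. "$1,500,000.00" or "USD 250,000".
AMOUNT_RE = re.compile(r"(?:\$|€|£|usd|eur|gbp)\s?(\d{1,3}(?:,\d{3})+)(?:\.\d{2})?", re.I)
LARGE_VALUE = 100_000

# Constructed sample texts (not taken from the analysed document).
LURE_SAMPLE = (
    "CONGRATULATIONS! You have been selected as the beneficiary of the Euro Millions lottery. "
    "A certified bank draft of $1,500,000.00 has been issued in your name. The parcel will be "
    "delivered by our courier once the delivery fee of $350 is paid."
)
BENIGN_SHIPPING = (
    "Your parcel has shipped via courier and will be delivered tomorrow; "
    "the tracking number is attached."
)
LOTTERY_NEWS = "Lottery results: the winner of the $2,000,000 jackpot will be announced on Friday."


def large_amounts(text):
    """Amounts at or above LARGE_VALUE, i.e. the 'large-value draft/funds' signal."""
    return [int(m.group(1).replace(",", "")) for m in AMOUNT_RE.finditer(text)
            if int(m.group(1).replace(",", "")) >= LARGE_VALUE]


def score_lure(text):
    """Fire only when prize language, a funds signal and a delivery requirement co-occur.

    Returns the verdict together with the matched evidence so an analyst can see
    why the rule fired (or, for the single-group false-positive cases, why it did not).
    """
    hits = {name: [m.group(0).lower() for m in re.finditer(pat, text, re.I)]
            for name, pat in LURE_GROUPS.items()}
    amounts = large_amounts(text)
    fires = bool(hits["prize"]) and bool(hits["funds"] or amounts) and bool(hits["delivery"])
    return {"fires": fires, "hits": hits, "amounts": amounts}


if __name__ == "__main__":
    for label, text in (("lure", LURE_SAMPLE), ("shipping", BENIGN_SHIPPING), ("news", LOTTERY_NEWS)):
        result = score_lure(text)
        print(label, "fires" if result["fires"] else "clean", result["hits"], result["amounts"])
```

The point of returning the per-group evidence is that a single group on its own (a real courier notification, a lottery news item) must not fire; the rule only has value as a conjunction, and the output makes that visible for tuning.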

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • stream_000_off0000029a.js
    SHA-256: f43462d01cdfa6e573c22c0d858f311fe0c923020860e0bce2577b715a11e361
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x29A
    Size: 7087 bytes
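As an added example (not the analysis platform's own code) of how an artifact like the one above and the per-URL channel labels from the EMBEDDED_URL heuristic are produced: the script below carves every stream from a PDF, inflates the /FlateDecode ones, names each carved stream after its file offset in the same stream_NNN_offXXXXXXXX style the report uses, and labels each extracted URL by the channel that reaches it (/URI action, JavaScript stream, or other decoded stream). The PDF it runs on is constructed inline with example.invalid URLs; the regex-based object scan is a triage shortcut in the spirit of pdf-parser (no xref, /Length or object-stream handling), not a spec-complete parser.

```python
import hashlib
import re
import zlib

# Example triage script written for this report, not the analysis platform's code.
URL_RE = re.compile(rb'https?://[^\s()<>"\']+')
OBJ_RE = re.compile(rb'(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj', re.S)
STREAM_RE = re.compile(rb'stream\r?\n(.*?)\r?\nendstream', re.S)
URI_RE = re.compile(rb'/URI\s*\(([^)]*)\)')
JS_REF_RE = re.compile(rb'/S\s*/JavaScript\b.*?/JS\s+(\d+)\s+\d+\s+R', re.S)


def build_sample_pdf():
    """Constructed sample (not the analysed file): a link annotation, a FlateDecode
    JavaScript OpenAction and a FlateDecode content stream, each with its own URL."""
    js = zlib.compress(b'app.launchURL("http://example.invalid/from-js", true);')
    body = zlib.compress(b'BT /F1 12 Tf 72 700 Td (Visit http://example.invalid/from-body today) Tj ET')
    objects = [
        b'<< /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript /JS 5 0 R >> >>',
        b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>',
        b'<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [6 0 R] >>',
        b'<< /Length %d /Filter /FlateDecode >>\nstream\n' % len(body) + body + b'\nendstream',
        b'<< /Length %d /Filter /FlateDecode >>\nstream\n' % len(js) + js + b'\nendstream',
        b'<< /Type /Annot /Subtype /Link /Rect [72 680 300 700] '
        b'/A << /S /URI /URI (http://example.invalid/from-link) >> >>',
    ]
    out = b'%PDF-1.4\n'
    for num, obj in enumerate(objects, start=1):
        out += b'%d 0 obj\n' % num + obj + b'\nendobj\n'
    return out + b'trailer\n<< /Root 1 0 R >>\n%%EOF\n'


def parse_objects(pdf):
    """{object number: (file offset of the object body, body bytes)} via a tolerant scan."""
    return {int(m.group(1)): (m.start(3), m.group(3)) for m in OBJ_RE.finditer(pdf)}


def carve_streams(pdf, objects=None):
    """Carve each stream, inflating /FlateDecode ones, and name it the way the report
    does: stream_<index>_off<file offset of the 'stream' keyword, 8 hex digits>."""
    objects = parse_objects(pdf) if objects is None else objects
    carved = []
    for num, (body_off, body) in sorted(objects.items(), key=lambda kv: kv[1][0]):
        m = STREAM_RE.search(body)
        if not m:
            continue
        dictionary, data = body[:m.start()], m.group(1)
        if b'/FlateDecode' in dictionary:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # keep raw bytes: damaged or obfuscated filters are common in malicious PDFs
        offset = body_off + m.start()
        carved.append({
            'name': 'stream_%03d_off%08x' % (len(carved), offset),
            'objnum': num, 'offset': offset, 'dictionary': dictionary.strip(),
            'data': data, 'sha256': hashlib.sha256(data).hexdigest(),
        })
    return carved


def javascript_objects(objects):
    """Object numbers that a /JavaScript action references through /JS."""
    return {int(m.group(1)) for _, body in objects.values() for m in JS_REF_RE.finditer(body)}


def extract_urls(pdf):
    """url -> set of channels: 'uri_action' (a /URI in a link or action),
    'javascript' (text of a /JS stream) or 'body' (any other decoded stream)."""
    objects = parse_objects(pdf)
    js_objs = javascript_objects(objects)
    found = {}
    for m in URI_RE.finditer(pdf):
        found.setdefault(m.group(1).decode('latin-1'), set()).add('uri_action')
    for s in carve_streams(pdf, objects):
        channel = 'javascript' if s['objnum'] in js_objs else 'body'
        for m in URL_RE.finditer(s['data']):
            found.setdefault(m.group(0).decode('latin-1'), set()).add(channel)
    return found


if __name__ == '__main__':
    sample = build_sample_pdf()
    for s in carve_streams(sample):
        print(s['name'], 'obj', s['objnum'], len(s['data']), 'bytes', s['sha256'])
    for url, channels in sorted(extract_urls(sample).items()):
        print(','.join(sorted(channels)), url)
```

On a real sample the channel label is what turns a URL list into a finding: a URL reached only through a /URI link annotation needs a click, whereas one emitted from an /OpenAction JavaScript stream fires on open, so the two deserve different severities even when the destination is the same.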