PDF static analysis report

Static analysis result for SHA-256 67a1deb099a41199…

SUSPICIOUS

PDF

Size: 79.7 KB
Created: 2018-06-11 09:26:56 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-09-04
MD5: ac7d19dac8457208afe58701346fcd2d
SHA-1: 64fed3d462369fe3264b3e30f320ce56c3bf3c6b
SHA-256: 67a1deb099a4119994243f6fade79d114ea13df6a4f8c6bbbc9c8aa30b2aaaf2
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.0793

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000e7f0.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE7F0
    Size: 14084 bytes
    SHA-256: 32dad16c3c3e0dbb63ec6e377decb3005419af7f31453078c5046fe96c490a01
  • Filename: font_01_sfnt_off00011386.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11386
    Size: 9216 bytes
    SHA-256: edbe93764435f2235405be195a1d1ab4edc4e5755cba8e135fae8a56c7281923