Malicious PDF — malware analysis report

Static analysis result for SHA-256 743b81990c6ac0e5…

MALICIOUS

PDF

Size: 11.5 KB | Created: 2015-07-15 14:41:20 +04:00 | Authoring application: DOMPDF
MD5: dbf0d1132b76f5b163ff32848f42c032
SHA-1: de8d2f8c8d4c012b67ae58ec780ca2638a66fa4b
SHA-256: 743b81990c6ac0e5bf112acafadd416f7b209903241cc96a681a640880cddbb3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or SEO manipulation tactic. The ML classifier also flagged the PDF as malicious. While no scripts were explicitly extracted, the presence of embedded URLs within the document body, combined with the heuristics, indicates an attempt to redirect users to potentially malicious external sites, likely as part of a phishing or malware distribution scheme.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8959

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.