Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a7e0cbe948c141a…

MALICIOUS

PDF

Size: 12.1 KB
Created: 2015-07-15 14:40:07 +04:00
Authoring application: DOMPDF
MD5: 23587e86ea7be1e42a2b834b688cf46f
SHA-1: 2af7a5563e59e6f72ea5ff39fdd705369c8e89e7
SHA-256: 7a7e0cbe948c141aed87bf100b555a8cbe8f2c850bd090a7944e83bd8c3dde8d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, forming a link farm designed to direct users to various SEO-optimized websites. This technique is often used for traffic generation or to host malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8843

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.