Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f65afa6a267aa5c…

Verdict: MALICIOUS

File type: PDF

Size: 11.9 KB
Created: 2015-07-15 14:40:47 +04:00
Authoring application: DOMPDF
MD5: 53e5e7ea840acc305dcb20646e5ac193
SHA-1: 03cb6c66a8d612a7cbea3adad53c31642001ad3c
SHA-256: 7f65afa6a267aa5cf57a3866e5389d65ec51a7be0b4cda8439fa507857072ce1

Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a tactic to manipulate search engine results or redirect users to potentially malicious sites. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. Although no scripts were explicitly extracted, the embedded URLs are the primary indicators of malicious activity, likely serving as a lure or a distribution point for further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8959

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://photo-file.ru/index.php?article=2140.1&wehsa=1&pdf=2140
    • http://epremier.ro/index.php?article=748.1&ivdfx=1&pdf=748
    • http://www.dikiliermanoto.com/index.php?article=296.1&snsfa=1&pdf=296
    • http://photo-file.ru/index.php?article=2123.1&wehsa=1&pdf=2123
    • http://www.myrlimo.com/index.php?article=597.1&sqfkb=1&pdf=597
    • http://photo-file.ru/index.php?article=254.1&wehsa=1&pdf=254
    • http://marcogulf.com/index.php?article=248.1&puzto=1&pdf=248
    • http://vs-media.nl/index.php?article=2044.1&nxjas=1&pdf=2044
    • http://ipestka.pl/index.php?article=740.1&qsxtx=1&pdf=740
    • http://photo-file.ru/index.php?article=176.1&wehsa=1&pdf=176
    • http://photo-file.ru/index.php?article=1267.1&wehsa=1&pdf=1267
    • http://photo-file.ru/index.php?article=1917.1&wehsa=1&pdf=1917
    • http://www.mantrabeautybar.ca/index.php?article=1288.1&rukbv=1&pdf=1288
    • http://photo-file.ru/index.php?article=465.1&wehsa=1&pdf=465
    • http://fotosalon-zoom.ru/index.php?article=606.4&sufyu=4&pdf=606
    • http://photo-file.ru/index.php?article=1492.1&wehsa=1&pdf=1492
    • http://www.faceausoleil.com/index.php?article=892.2&ipbvv=2&pdf=892