Malicious PDF — malware analysis report

Static analysis result for SHA-256 83d9697b998cb051…

MALICIOUS

PDF

Size: 12.3 KB
Created: 2015-07-16 22:13:21 +04:00
Authoring application: DOMPDF
MD5: 4ad95e8d1f530fa8ff1ee2b059456c0d
SHA-1: 0ff97dbd496c434aa7205f6dc2c283589a187397
SHA-256: 83d9697b998cb05108b31a41f9bc520069bc7031ac2da18646d063deec82c9d3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs that point to SEO-optimized websites. This suggests a link farm or redirection scheme designed to lure users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact payload or further actions.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.