Malicious PDF — malware analysis report

Static analysis result for SHA-256 83e4cd09b451a72d…

MALICIOUS

PDF

11.8 KB
Created: 2015-07-15 14:39:57 +04:00
Authoring application: DOMPDF
MD5: 36bd5c0834746921873022abbed9e2a0
SHA-1: c1d68f45835a377c60f00d4621959e247b5180e6
SHA-256: 83e4cd09b451a72d945950e2865090c17c802766ee7ec55d03844b66c1bea022
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, characteristic of a link farm. The embedded URLs suggest the document's primary purpose is to redirect users to various websites, potentially for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8959

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.