PDF static analysis report

Static analysis result for SHA-256 864a29b80af7f96c…

SUSPICIOUS

PDF

Size: 66.8 KB
Created: 2018-06-11 10:02:13 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-09-24
MD5: 1a3d81860a51cac8ca269027376073ff
SHA-1: 2cde42c4783ba954c5f2224ff8ecb9f179de7e51
SHA-256: 864a29b80af7f96cb70b22725575798b69b89235273af1ccf55d318cd7c0eefd
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.0915

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000b383.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB383
    Size: 14800 bytes
    SHA-256: f42040be10e462f38e7f6ea26b4145abcb157a0d03b2d11509f63bbd17dd0bd3
  • Filename: font_01_sfnt_off0000e0cd.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE0CD
    Size: 9588 bytes
    SHA-256: f6d9e1ff4efc849e168d9e657352d838f6ced8eccb1f28cefafbfba3f70412fa