PDF static analysis report

Static analysis result for SHA-256 8c14b01f0a88b83d…

SUSPICIOUS

PDF

86.1 KB Created: 2017-01-14 05:42:13 +08:00 First seen: 2018-10-07
MD5: 33cd8a8fea260fc6559f321a7bd69a60 SHA-1: 7ed29fe80aad0991b78de9e8fb2be4c0ecd1a4bf SHA-256: 8c14b01f0a88b83d6240affeb71af83fdaeafee2aba4e816026dea4d8cb7596b
44 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF link to algorithmically-generated URL [high] (PDF_RANDOM_URL_LINK)
    PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.hofmannmedical.cl/agepdfs/breakfire.php/bsabionscvnmnoxvzoufdvms16420862xPm.pdf PDF link annotation

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000b126.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB126 | 19984 bytes
  SHA-256: a09fcc2fa1ed67d4b535248f6c69e5dd348510206469f04c5194e0954f741122
font_01_sfnt_off0000e71e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE71E | 19964 bytes
  SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off00011ce4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11CE4 | 20828 bytes
  SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1