PDF static analysis report

Static analysis result for SHA-256 8e0e7b128d934644…

SUSPICIOUS

PDF

Size: 86.4 KB
Created: 2016-12-27 04:43:07 +08:00
First seen: 2018-10-07
MD5: 7f64c463c73a02ed4f59e525c14f5131
SHA-1: 019e5b8bb9d0b3340a30b4ea4ca163785860c5de
SHA-256: 8e0e7b128d9346443d7d008d757ab6383e387efd52d8018bfae89d00ef6f5b00
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size | SHA-256
stream_004_off0000b30b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB30B | 19856 bytes | a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120
font_01_sfnt_off0000e89d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE89D | 19964 bytes | 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off00011e60.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11E60 | 20828 bytes | 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1