PDF static analysis report

Static analysis result for SHA-256 9137ac890a4c9f3c…

SUSPICIOUS

PDF

Size: 84.1 KB
Created: 2016-12-26 20:35:18 +08:00
First seen: 2018-10-07
MD5: d8c26f2d83bc653904402ba7add14649
SHA-1: bb67b5e73965ee76731e9eb779146dd323861d69
SHA-256: 9137ac890a4c9f3cc444b68db5824ef9c4f4180f7e0f13d90f85202248361c06
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_004_off0000a910.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0xA910
    Size: 20060 bytes
    SHA-256: 3efb3f7a8d4dc9485ee0534e7ee0d33d8de47d38ac03e85d9ad757b2df9b2ce1
  • font_01_sfnt_off0000df3c.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDF3C
    Size: 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
  • font_02_sfnt_off000114fb.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x114FB
    Size: 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1