PDF malware analysis — malicious · 914c642ca0d52e27

MALICIOUS

PDF

4.7 KB Created: 2015-06-03 16:40:27 +03:00 Authoring application: DOMPDF

MD5: 81e58f92df0fd285ba16fda2ee157d6f SHA-1: b550077f4980fe59b9c8631ebcaa0f1e381c089b SHA-256: 914c642ca0d52e2763c9e6b67a6d7729499edc930d47403765eb47145946816f

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a significant number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various domains, suggesting a link farm or SEO manipulation tactic. The document body also contains text related to 'Forex trade system', which may be a lure to encourage clicks on the embedded links. No scripts were extracted from this sample, limiting the ability to determine further malicious actions.

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://phcccolorado.org/index.php?2015/arabtera.pdf&effpp=1&aspx=1034
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2192
- http://www.academiafutebolangola.com/index.php?2015/hmdeepfocus.pdf&audtr=1&aspx=2077
- http://www.prequine.com/index.php?2015/torcida.pdf&fcldj=1&aspx=636
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=473
- http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.