PDF static analysis report

Static analysis result for SHA-256 aabaf1f0a6eabe4d…

SUSPICIOUS

PDF

Size: 87.7 KB
Created: 2016-12-27 01:37:14 +08:00
First seen: 2018-10-07
MD5: df08be80907a7aa90c18637d9037a2cb
SHA-1: 73140a774140be32f023f22e9d6e0006777a8ee1
SHA-256: aabaf1f0a6eabe4d9c82f18d684fb34fe40c5e89831ef22415da6ff3479df088
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000b765.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB765 | 20100 bytes
    SHA-256: 2b7692cebe9400d219c0612dc6a5469fcf34a586c868e5e3035feaa33b0bcba3
font_01_sfnt_off0000edb4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDB4 | 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off00012379.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12379 | 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1