Malicious PDF — malware analysis report

Static analysis result for SHA-256 baa9deeac590d73f…

Verdict: MALICIOUS

File type: PDF

Size: 6.7 KB
Created: 2015-06-04 18:31:40 +04:00
Authoring application: DOMPDF
First seen: 2015-06-09
MD5: 771ad8421cc3362b9250bc07da5fbd9b
SHA-1: bfa0dbd53ee112e21d3a9753eb77bf262f833c72
SHA-256: baa9deeac590d73f86a7afd32c809dc6c0b686cd68be8485085f75bba0355099
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF document contains multiple embedded URLs related to binary options trading, suggesting a lure for financial scams or phishing. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, limiting the analysis of its direct execution behavior. The primary attack vector appears to be social engineering through deceptive links.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.5488

Heuristics (2)

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium) PDF_SEO_PHP_GATEWAY_LINK_FARM
    The PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-phrase document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape: pharma, binary-options and 'free download' spam that ranks for search queries and routes users into payload or redirect chains. The PDF itself carries no exploit; the risk lies in the linked destinations.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.