Malicious PDF — malware analysis report

Static analysis result for SHA-256 bbdfb6818e1b28e6…

MALICIOUS

PDF

Size: 11.7 KB
Created: 2015-07-15 05:48:48 +04:00
Authoring application: DOMPDF
MD5: 95942c77c2f3ef19b1ef4a93010c5986
SHA-1: ea507e666d53709bc8b2e9c8223be48b7dea9806
SHA-256: bbdfb6818e1b28e6de7ea4c4c78dbe8c1973c42e6ffeac75c255a38d768b6d42
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded URLs, indicating a link farm designed to redirect users to potentially harmful sites. The heuristic PDF_SEO_LINK_FARM specifically identifies this pattern. The presence of numerous external links suggests a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9351

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.