Malicious PDF — malware analysis report

Static analysis result for SHA-256 bdb672a71a87267d…

MALICIOUS

PDF

Size: 11.4 KB
Created: 2015-07-16 23:42:19 +04:00
Authoring application: DOMPDF
MD5: b512129db5cacb6c0bc6b173a9abe9a4
SHA-1: 76e14bb16c56eda1aca3f25e0bb34d70bea81b23
SHA-256: bdb672a71a87267d0ad6332a8e38825c4d878b3b5cf078e61044c05d16f7e2f7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a link farm or phishing lure. The document body contains many of these URLs, suggesting the primary intent is to redirect users to potentially harmful websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9383

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.