Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf2d6efc57ec8241…

Verdict: MALICIOUS
File type: PDF
Size: 11.7 KB
Created: 2015-07-15 14:39:06 +04:00
Authoring application: DOMPDF
MD5: cf2028f95f82cfa02e17ac3b837b481e
SHA-1: d89b9e38ada119ee6f1c256828f888249ccbb7ec
SHA-256: bf2d6efc57ec8241a37313ae082957d8abea62dcb2b21303344ef03d250da70e
Risk score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or redirection scheme. The ML classifier also flagged the PDF as malicious. The document body contains text related to 'binary options' and numerous URLs, indicating a potential scam or phishing attempt to drive traffic to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8959

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.