PDF static analysis report

Static analysis result for SHA-256 c44e5e5abbeacb86…

SUSPICIOUS

PDF

Size: 84.3 KB
Created: 2016-12-26 16:16:11 +08:00
First seen: 2018-10-07
MD5: 2463dc0d4c11d4552694c07dbdcdc23f
SHA-1: 97cddca415b3318896379828541522c9cf82f198
SHA-256: c44e5e5abbeacb8634cc9eca92655147703a74616d8ed1e7044d52d5e93b3f4f
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_004_off0000aaa7.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0xAAA7
    Size: 19856 bytes
    SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120
  • font_01_sfnt_off0000e039.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE039
    Size: 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
  • font_02_sfnt_off000115fa.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x115FA
    Size: 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1