PDF static analysis report

Static analysis result for SHA-256 cb0ef97df3d829f2…

SUSPICIOUS

PDF

Size: 87.4 KB
Created: 2016-12-26 17:07:47 +08:00
First seen: 2018-10-07
MD5: 9cf70d22579a4e4bb40dd644cb47a0b0
SHA-1: 02d08ccf49d8e935b0534c44528eb212e9de966e
SHA-256: cb0ef97df3d829f2e84afcae23a237f41cc44a4649c01e0cb8f9e52f8ac2345f
Risk Score: 34

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000b658.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB658 | 19964 bytes
  SHA-256: 3d1c5b905549572cd1e0b8dc37c011a51dc65394fa8ac21f34d4a7fd85c7499c
font_01_sfnt_off0000ec51.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC51 | 19964 bytes
  SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off00012212.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12212 | 20828 bytes
  SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1