Malicious PDF — malware analysis report

Static analysis result for SHA-256 cdc82a283d174640…

MALICIOUS

PDF

4.7 KB Created: 2015-06-03 16:40:32 +03:00 Authoring application: DOMPDF
MD5: 91e5503325e77f61751f7a20a74b8bb3 SHA-1: ac0b64a411d8665fc6f5f82e31be39cf0c3166ba SHA-256: cdc82a283d174640c70060b67b178339d8dda2220f52ecc635168f53ef62e4e6
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a significant number of embedded URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. The document body is filled with text related to forex trading, likely as a lure to disguise the malicious intent. The primary goal appears to be SEO manipulation or redirecting users to potentially malicious websites through the extensive link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.prequine.com/index.php?2015/torcida.pdf&fcldj=1&aspx=441
    • http://www.prequine.com/index.php?2015/torcida.pdf&fcldj=1&aspx=2394
    • http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=1254
    • http://www.prequine.com/index.php?2015/torcida.pdf&fcldj=1&aspx=1176
    • http://www.academiafutebolangola.com/index.php?2015/hmdeepfocus.pdf&audtr=1&aspx=2496
    • http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.