Malicious PDF — malware analysis report

Static analysis result for SHA-256 d309313c7ebab2f0…

Verdict: MALICIOUS
File type: PDF

Size: 12.4 KB
Created: 2015-07-15 16:26:37 +04:00
Authoring application: DOMPDF
First seen: 2015-08-03
MD5: 8bef0903fc6f7c83188a270065907721
SHA-1: da46a3dcbd3af611fb347cb24daf6fe4fefdfeaf
SHA-256: d309313c7ebab2f009eaa846a78bf83e320557434f36aef668d63ed96cfb4ed7
Risk score: 92

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics (2)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (each found in PDF document text):
    • http://chavagnes.com/index.php?article=426.2&urwbo=2&pdf=426
    • http://dhyansuman.com/index.php?article=257.8&xvanh=8&pdf=257
    • http://zomodiet.com/index.php?article=819.1&tqubb=1&pdf=819
    • http://chavagnes.com/index.php?article=1658.2&urwbo=2&pdf=1658
    • http://ehsaasmhs.org/index.php?article=1847.1&qcugi=1&pdf=1847
    • http://chavagnes.com/index.php?article=1488.2&urwbo=2&pdf=1488
    • http://karolek.com.pl/index.php?article=1751.1&fwvio=1&pdf=1751
    • http://www.mantrabeautybar.ca/index.php?article=2168.1&rukbv=1&pdf=2168
    • http://gonencelik.com.tr/index.php?article=2247.1&aosqe=1&pdf=2247
    • http://chavagnes.com/index.php?article=2452.2&urwbo=2&pdf=2452
    • http://chavagnes.com/index.php?article=772.2&urwbo=2&pdf=772
    • http://chavagnes.com/index.php?article=1172.2&urwbo=2&pdf=1172
    • http://power-team.cz/index.php?article=2129.3&uwbuc=3&pdf=2129
    • http://chavagnes.com/index.php?article=1962.2&urwbo=2&pdf=1962
    • http://sestramaca.hr/index.php?article=1977.3&jjcxv=3&pdf=1977
    • http://chavagnes.com/index.php?article=2093.2&urwbo=2&pdf=2093
    • http://healthcare2-concepts.com/index.php?article=586.1&syyyl=1&pdf=586
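The PDF_SEO_LINK_FARM heuristic above, re-implemented as an added example (this is not the analysis platform's code, and its thresholds are not the platform's): it pulls URLs out of a PDF from both URI link annotations and bare document text, inflating FlateDecode streams so links hidden in compressed objects are seen too, then measures how much the external links cluster on one host. The thresholds (64 KB, 10 links, 40% of links on one host), the regexes, the fixture built by build_sample_pdf and the host example.invalid are assumptions; SAMPLE_URLS is the 17-entry list copied from this report. Run over the report's URLs it yields 17 external links across 10 hosts with 8 of 17 (47%) pointing at chavagnes.com, which is exactly the clustering the heuristic keys on.

```python
# Added example (not the analysis platform's code): re-derive the
# PDF_SEO_LINK_FARM heuristic over the URLs this report extracted.
# Thresholds, regexes and the PDF fixture below are assumptions.
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# Sample input: the 17 URLs listed in this report (copied from the report, constructed list).
SAMPLE_URLS = [
    "http://chavagnes.com/index.php?article=426.2&urwbo=2&pdf=426",
    "http://dhyansuman.com/index.php?article=257.8&xvanh=8&pdf=257",
    "http://zomodiet.com/index.php?article=819.1&tqubb=1&pdf=819",
    "http://chavagnes.com/index.php?article=1658.2&urwbo=2&pdf=1658",
    "http://ehsaasmhs.org/index.php?article=1847.1&qcugi=1&pdf=1847",
    "http://chavagnes.com/index.php?article=1488.2&urwbo=2&pdf=1488",
    "http://karolek.com.pl/index.php?article=1751.1&fwvio=1&pdf=1751",
    "http://www.mantrabeautybar.ca/index.php?article=2168.1&rukbv=1&pdf=2168",
    "http://gonencelik.com.tr/index.php?article=2247.1&aosqe=1&pdf=2247",
    "http://chavagnes.com/index.php?article=2452.2&urwbo=2&pdf=2452",
    "http://chavagnes.com/index.php?article=772.2&urwbo=2&pdf=772",
    "http://chavagnes.com/index.php?article=1172.2&urwbo=2&pdf=1172",
    "http://power-team.cz/index.php?article=2129.3&uwbuc=3&pdf=2129",
    "http://chavagnes.com/index.php?article=1962.2&urwbo=2&pdf=1962",
    "http://sestramaca.hr/index.php?article=1977.3&jjcxv=3&pdf=1977",
    "http://chavagnes.com/index.php?article=2093.2&urwbo=2&pdf=2093",
    "http://healthcare2-concepts.com/index.php?article=586.1&syyyl=1&pdf=586",
]

# Assumed thresholds: what counts as a "small" carrier, "many" links, a "clustered" host.
MAX_SIZE_BYTES = 64 * 1024
MIN_EXTERNAL_LINKS = 10
MIN_TOP_HOST_SHARE = 0.4

URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")            # Link annotation: /A << /S /URI /URI (...) >>
URL_TEXT_RE = re.compile(rb"https?://[^\s<>()\"']+")    # bare URL in page text or stream data
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)


def inflate_streams(pdf: bytes) -> list[bytes]:
    """Return the decoded body of every /FlateDecode stream; corrupt streams are skipped."""
    out = []
    for obj_dict, body in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in obj_dict:
            try:
                out.append(zlib.decompress(body))
            except zlib.error:
                continue
    return out


def extract_urls(pdf: bytes) -> list[str]:
    """Collect unique URLs from URI annotations and document text, raw and inflated."""
    seen, urls = set(), []
    for blob in [pdf] + inflate_streams(pdf):
        for raw in URI_RE.findall(blob) + URL_TEXT_RE.findall(blob):
            url = raw.decode("latin-1")
            if url not in seen:
                seen.add(url)
                urls.append(url)
    return urls


def link_farm_score(size_bytes: int, urls: list[str]) -> dict:
    """Flag a small PDF whose external links pile up on one host."""
    hosts = Counter(urlsplit(u).hostname for u in urls if urlsplit(u).scheme in ("http", "https"))
    total = sum(hosts.values())
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / total if total else 0.0
    return {
        "external_links": total,
        "distinct_hosts": len(hosts),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": size_bytes <= MAX_SIZE_BYTES
        and total >= MIN_EXTERNAL_LINKS
        and share >= MIN_TOP_HOST_SHARE,
    }


def build_sample_pdf(urls: list[str]) -> bytes:
    """Constructed fixture (not the analysed sample): one Link annotation per URL inside a
    FlateDecode stream, plus one bare URL (assumed host example.invalid) in a plain text stream."""
    annots = b"".join(
        b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (%s) >> >>\n" % u.encode()
        for u in urls
    )
    body = zlib.compress(annots)
    text = b"(See http://example.invalid/index.php?pdf=1)"
    obj1 = b"1 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(body) + body + b"\nendstream\nendobj\n"
    obj2 = b"2 0 obj << /Length %d >>\nstream\n" % len(text) + text + b"\nendstream\nendobj\n"
    return b"%PDF-1.4\n" + obj1 + obj2 + b"%%EOF\n"


if __name__ == "__main__":
    print(link_farm_score(12_700, SAMPLE_URLS))           # 12.4 KB, the size in this report
    print(extract_urls(build_sample_pdf(SAMPLE_URLS[:3])))
```

Two caveats for anyone reusing this: the regex scanner only sees objects that sit in the file body, so links inside object streams (/ObjStm) or hex-encoded strings need a real object-graph walk; and the host-share metric alone is not the whole signal here. All 17 URLs in this sample share one path template, index.php?article=N.M&<five random letters>=M&pdf=N, spread across 10 unrelated hosts, which is the second thing a triage analyst would pivot on when deciding whether the carrier was generated rather than written.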

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_000_off00000309.js
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x309
Size: 13563 bytes
SHA-256: 9d634c6b6a575943a221f5d2161b728eb49ab657e47004c5150e7037a00e3277