PDF malware analysis — malicious · d36e7827739bdcd2

MALICIOUS

PDF

4.8 KB Created: 2015-06-03 16:40:31 +03:00 Authoring application: DOMPDF

MD5: 04636aa8eb4399dadfd01de1cfa62f22 SHA-1: ba48be3353b0ae72772c11b50d04dfab4b9132fa SHA-256: d36e7827739bdcd29667a70700b5349d82e606bad6dafaac0b7359bd461a5c04

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, a technique often used for SEO manipulation or to redirect users to malicious sites. The document body, while containing seemingly random text about stock options and webex, also repeats the URLs, reinforcing the likelihood that the primary intent is to drive traffic to these external resources. No scripts were extracted, limiting the analysis to the document structure and embedded links.

Machine Learning

Nyx PDF Classifier clean score 0.1612

Heuristics 2

Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=648
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2372
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=1838
- http://www.nibl.co.nz/index.php?2015/decision.pdf&angzv=1&aspx=1247
- http://www.kbb-gesellschaft.de/index.php?2015/ergoarena.pdf&urggv=1&aspx=2369
- http://dyrlaegecentret.dk/index.php?2015/typestitch.pdf&hjhle=1&aspx=sitemap

Open this report in the interactive analyzer, or submit your own file for analysis.