PDF static analysis report

Static analysis result for SHA-256 d9f1a59078bebac7…

SUSPICIOUS

PDF

Size: 69.4 KB
Created: 2018-06-11 08:57:15 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-07-24
MD5: d9e83e7b1abfd916c25dd0d028f497b9
SHA-1: f5cddf3430393b72b31376d252ab4411b9e9c0a9
SHA-256: d9f1a59078bebac71fa4b65c432ad0c1d7bd2cde007c26488bba6b5d98f3c6c3
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.1036

Heuristics 3

  • PDF carries a PHP-gateway SEO-spam PDF link farm (severity: medium, rule: PDF_SEO_PHP_GATEWAY_LINK_FARM)
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000bc2b.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xBC2B
    Size: 15848 bytes
    SHA-256: aa8a9f60dd4b1eb6ea2c9b4d4a07db04f87da4652c7b3c1742b70b4180d04852
  • font_01_sfnt_off0000eb7b.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEB7B
    Size: 9256 bytes
    SHA-256: 136fe029c9d1770941c9c1f199d450ccfd1e34755e1827bd0b2ff0b2716c7b56