Malicious PDF — malware analysis report

Static analysis result for SHA-256 e14cc485c4146c28…

MALICIOUS

PDF

11.5 KB
Created: 2015-07-15 05:47:44 +04:00
Authoring application: DOMPDF
MD5: 74ea866da0cb338687e4f9d8a383fa7b
SHA-1: 5c89da979ffe9c0f22fe65290519f15340a493f5
SHA-256: e14cc485c4146c289fbc38cbd3ffed6f571301eaef9361c67dd0ee2d261deb8a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links pointing to various websites, a pattern identified as a link farm. The ML classifier also flagged this PDF as malicious. The primary heuristic, 'PDF_SEO_LINK_FARM', suggests the document's purpose is to drive traffic to a network of sites, likely for malicious redirection or phishing. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9282

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.