Malicious PDF — malware analysis report

Static analysis result for SHA-256 efb971e4d396bce1…

MALICIOUS

PDF

11.8 KB
Created: 2015-07-15 16:24:06 +04:00
Authoring application: DOMPDF
MD5: f13dfc680f9de9f836b909a6a57e4bf6
SHA-1: d0c26808a6b63751e0d5ae9a348722a4eda9decf
SHA-256: efb971e4d396bce1d84492760a9625016b804dfe7eb0900401f4897aa140c7ef
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded URLs, indicating a link farm. The primary heuristic identified this as a PDF_SEO_LINK_FARM, suggesting the document's purpose is to manipulate search engine results or redirect users to potentially malicious external sites. The embedded URLs are the highest priority IOCs.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8959

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.