PDF static analysis report

Static analysis result for SHA-256 f3fbff455adbe28c…

SUSPICIOUS

PDF

84.8 KB | Created: 2016-12-27 02:17:16 +08:00 | First seen: 2018-10-07
MD5: fa93bd721247ef2e96614f777e213d9f
SHA-1: 39708a690cc8c7340adf8f50cef918c19fb1217b
SHA-256: f3fbff455adbe28c2a352f5de408fa5a0021afbfaa7ab132048d3de877a794c7
Risk Score: 32

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 2

  • PDF carries a PHP-gateway SEO-spam PDF link farm | medium | PDF_SEO_PHP_GATEWAY_LINK_FARM
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000ac81.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xAC81 | 19856 bytes
    SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120
font_01_sfnt_off0000e213.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE213 | 19964 bytes
    SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off000117d2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x117D2 | 20828 bytes
    SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1