Malicious PDF — malware analysis report

Static analysis result for SHA-256 fdd15097ba1b8f1e…

MALICIOUS

PDF

Size: 12.1 KB
Created: 2015-07-15 16:23:03 +04:00
Authoring application: DOMPDF
MD5: ca84d9996bbe75f8c5c1ddf143ffe154
SHA-1: a92d47652ed51b7e22b93db885e7e661f10e98d3
SHA-256: fdd15097ba1b8f1ed6e0b09dd443d8caf535022b55ab6773db39e0a1146d9397
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to various domains, suggesting a link farm or SEO manipulation tactic. The primary purpose appears to be directing users to external sites, potentially for phishing or malware distribution, rather than delivering a direct payload within the PDF itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8959

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.