Malicious PDF — malware analysis report

Static analysis result for SHA-256 001763c7455c8637…

Verdict: MALICIOUS
File type: PDF
Size: 16.5 KB
Created: 2019-04-30 08:15:55 +01:00
Authoring application: mPDF 5.7
First seen: 2021-05-29
MD5: efcc3583464ac442cb34e07ff4748cf7
SHA-1: 0f832f6379ef7da2e5032002d0fa2af52a8caebc
SHA-256: 001763c7455c8637677beb6d7493e6391995d68ab8bd6b1402ffb01c47b5ea74
Risk score: 100

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. While the URLs themselves are marked as benign, the sheer volume and structure suggest a malicious intent, possibly to manipulate search engine results or to distribute further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also strongly indicates maliciousness. The SE_DOWNLOAD_BUTTON heuristic suggests a lure to encourage user interaction with these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9907

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • EMBEDDED_URL (info): Embedded URL info
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.