Malicious PDF — malware analysis report

Static analysis result for SHA-256 0019091c19509259…

MALICIOUS

PDF

Size: 13.0 KB
Created: 2019-04-30 04:08:05 +01:00
Authoring application: mPDF 5.7
First seen: 2021-06-04
MD5: 104ffcba9a34ca57a9abb4ca03a21695
SHA-1: e041f113ebc10e0ebb5877d081cdd0758c92499a
SHA-256: 0019091c19509259cd8f0567b71f6c985b87db8aea0c9e63932e5c85372dd1cf
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO spam or to distribute malicious content. While the document body is heavily obfuscated, the heuristic firings and the presence of numerous links strongly suggest malicious intent to redirect users. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8891

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.