Malicious PDF — malware analysis report

Static analysis result for SHA-256 0f3b402ce82b697a…

MALICIOUS

PDF

Size: 15.8 KB
Created: 2019-04-30 04:05:02 +01:00
Authoring application: mPDF 5.7
MD5: a7533c348a3c0652ba23fb1acf3dde4d
SHA-1: 02e4f295fbb9db580d104c33cf3ba2c128a6d11a
SHA-256: 0f3b402ce82b697a0d278f00f72a18fdb380d0c794c402ea7ca5417746bb5558
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified as a link farm. While the document body is unreadable, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests the document's purpose is to distribute these links. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9800

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.