Malicious PDF — malware analysis report

Static analysis result for SHA-256 11a60be30d0d1911…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2020-03-18 11:26:55 +00:00
Authoring application: mPDF 5.7
MD5: 21a3935f9cfd4a9dd8ebca3ddb4ef7cb
SHA-1: 52bc2dd7dbdcf551aecf17bf1168ec1e4def0eec
SHA-256: 11a60be30d0d1911005230cf9b693d5f250014ddd0778243bface23d8dc9454e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to a single suspicious domain, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be directing users to a link farm, likely for SEO poisoning or to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.