Malicious PDF — malware analysis report

Static analysis result for SHA-256 1603b05166110545…

MALICIOUS

PDF

17.4 KB Created: 2019-04-30 07:19:40 +01:00 Authoring application: mPDF 5.7
MD5: 3c21a06dc1a764bd91b0c60908f8c640 SHA-1: 4fac0c8da32308fb6d2de6daec88d47d62430d70 SHA-256: 1603b051661105458b958fc566886e0c494072360ad49200a017a1309e2aea41
100 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, which are presented as book titles. These links likely serve as a lure to direct users to malicious content or phishing sites. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of this document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/9a00a09a03a04a01/The-Complete-Gillian-Flynn-Gone-Girl-Dark-Places-Sharp-Objects-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/2a00a08a03a00a06/The-Novels-of-Gillian-Flynn-Sharp-Objects-Dark-Places-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/1a09a09a05/The-Grownup-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/5a09a08a09a03a04/Na-Propria-Carne-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/2a05a03a04a08a08/Sharp-Objects-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/8a07a07a08a07/Dark-Places-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/1a00a05a02a01a04a07/Sharp-Objects-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/9a08a09a09a09a09/Gef-hrliche-Ahnung-quot-Cry-Baby-quot-und-quot-Dark-Places-quot-Zwei-Thriller-in-einem-Bundle-by-Gillian-Flynn.pdf
    • http://muicuiu.dumb1.com/3a05a07a05a09a04/Vince-Flynn-Collectors-Edition-1-Term-Limits-Transfer-of-Power-and-The-Third-Option-by-Vince-Flynn.pdf
    • http://muicuiu.dumb1.com/1a06a03a06a09a08/Flynn-Nightsider-and-the-Edge-of-Evil-Flynn-Nightsider-1-by-Mary-Fan.pdf
    • http://muicuiu.dumb1.com/2a08a03a02a06a07/Ready-For-Flynn-Part-3-Ready-For-Flynn-3-by-K-L-Shandwick.pdf
    • http://muicuiu.dumb1.com/2a08a03a02a06a08/Ready-For-Flynn-Part-2-Ready-For-Flynn-2-by-K-L-Shandwick.pdf
    • http://muicuiu.dumb1.com/3a06a09a00a05a05/Girl-with-the-Dragon-Tattoo-Trilogy-Bundle-The-Girl-with-the-Dragon-Tattoo-The-Girl-Who-Played-with-Fire-The-Girl-Who-Kicked-the-Hornet-s-Nest-by-Stieg-Larsson.pdf
    • http://muicuiu.dumb1.com/1a00a02a07a01a03/Anything-You-Do-Say-by-Gillian-McAllister.pdf
    • http://muicuiu.dumb1.com/7a04a09a07a03/The-Tuckshop-Kid-by-Pat-Flynn.pdf
    • http://muicuiu.dumb1.com/3a01a08a00a07/After-Tomorrow-by-Gillian-Cross.pdf
    • http://muicuiu.dumb1.com/4a05a01a06a02a09/Chartbreak-by-Gillian-Cross.pdf
    • http://muicuiu.dumb1.com/4a06a05a08a06a06/Elvis-and-Me-by-Gillian-Wills.pdf
    • http://muicuiu.dumb1.com/3a01a09a06a06/Where-I-Belong-by-Gillian-Cross.pdf
    • http://muicuiu.dumb1.com/3a08a05a04a06a03/Vet-Among-the-Pigeons-by-Gillian-Hick.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.