Malicious PDF — malware analysis report

Static analysis result for SHA-256 16c214d4070cae11…

MALICIOUS

PDF

13.6 KB Created: 2019-05-03 06:27:17 +01:00 Authoring application: mPDF 5.7
MD5: 0976065923ed0d03c530986fb0527458 SHA-1: 8d360e61cab15fba568ca904e684e9935d3456ee SHA-256: 16c214d4070cae112b080fd521072851f3ca383c494f5c16dadafca782a14747
100 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to other PDF files, a technique often used for SEO spam or to direct users to malicious content. While the document body is heavily obfuscated, the presence of a "download button" heuristic and the ML classifier's high confidence score indicate malicious intent. The embedded URLs, though marked as benign, are part of the link farm strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://muicuiu.dumb1.com/9a02a02a01a04a04/Mole-s-Sunrise-by-Jeanne-Willis.pdf
    • http://muicuiu.dumb1.com/3a08a02a02a09a07/Blooming-at-the-Texas-Sunrise-Motel-by-Kimberly-Willis-Holt.pdf
    • http://muicuiu.dumb1.com/2a00a08a03a09a02/The-Bog-Baby-by-Jeanne-Willis.pdf
    • http://muicuiu.dumb1.com/2a09a04a09a08a03/Mole-and-Troll-Trim-the-Tree-Mole-and-Troll-2-by-Tony-Johnston.pdf
    • http://muicuiu.dumb1.com/4a05a03a06a02a04/The-Secret-Diary-of-Adrian-Mole-Aged-13-3-4-Adrian-Mole-1-by-Sue-Townsend.pdf
    • http://muicuiu.dumb1.com/4a08a06a05a03/Adrian-Mole-The-Cappuccino-Years-Adrian-Mole-5-by-Sue-Townsend.pdf
    • http://muicuiu.dumb1.com/3a07a01a02a09a06/Adrian-Mole-The-Wilderness-Years-Adrian-Mole-4-by-Sue-Townsend.pdf
    • http://muicuiu.dumb1.com/8a07a01a03a06a09/Adrian-Mole-The-Lost-Years-Adrian-Mole-1-4-by-Sue-Townsend.pdf
    • http://muicuiu.dumb1.com/2a07a04a08a00a02/Adrian-Mole-The-Cappuccino-Years-Adrian-Mole-5-by-Sue-Townsend.pdf
    • http://muicuiu.dumb1.com/2a06a06a07a02a01/Time-is-the-Fire-The-Best-of-Connie-Willis-by-Connie-Willis.pdf
    • http://muicuiu.dumb1.com/6a00a01a03/The-Darkest-Sunrise-The-Darkest-Sunrise-1-by-Aly-Martinez.pdf
    • http://muicuiu.dumb1.com/9a02a02a01a05a04/The-Mole-by-Dan-Sherman.pdf
    • http://muicuiu.dumb1.com/8a08a00a09a03/Miss-Mole-by-E-H-Young.pdf
    • http://muicuiu.dumb1.com/9a02a02a01a00a03/Mole-Had-Everything-by-Jamison-Odone.pdf
    • http://muicuiu.dumb1.com/9a02a02a01a00a01/Trusted-Mole-by-Milos-Stankovic.pdf
    • http://muicuiu.dumb1.com/9a02a02a01a00a08/A-Friend-for-Mole-by-Nancy-Armo.pdf
    • http://muicuiu.dumb1.com/4a08a01a01a08a06/Mole-Music-by-David-McPhail.pdf
    • http://muicuiu.dumb1.com/1a00a07a03a04a02/The-Magic-Mole-by-Martha-Kehr.pdf
    • http://muicuiu.dumb1.com/5a00a01a09a03a02/The-Mole-Family-s-Christmas-by-Russell-Hoban.pdf
    • http://muicuiu.dumb1.com/7a08a05a02a06/The-Naked-Mole-Rat-Letters-by-Mary-Amato.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.