Malicious PDF — malware analysis report

Static analysis result for SHA-256 17c75b0f70c2438b…

MALICIOUS

PDF

Size: 12.8 KB
Created: 2019-04-30 17:52:33 +01:00
Authoring application: mPDF 5.7
MD5: b0c39915c678240a9fb5b2e19932c6c4
SHA-1: 008a730f69922c275c629558e80c8d8907e2a1fa
SHA-256: 17c75b0f70c2438bd539e41e9decc3fb954604a7075fb8b1537e7219fe0e0fa8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, masquerading as book downloads, which is a common lure for phishing or malware distribution. The ML classifier also flagged this PDF as malicious. While no scripts were directly extracted, the PDF structure and link farm heuristic suggest an attempt to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9006

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.