Malicious PDF — malware analysis report

Static analysis result for SHA-256 194e6013446d7967…

MALICIOUS

PDF

Size: 15.7 KB
Created: 2019-04-23 19:41:47 +01:00
Authoring application: mPDF 5.7
MD5: a510700427256207b3366608ed39e55c
SHA-1: fa62abc86b969186c7f3c151b05647836bb934e4
SHA-256: 194e6013446d79675c3c60a9742e7d3c7104eb79250af9871180b544796ee1fe
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified as a link farm, which is a common technique for distributing malicious content or phishing. While the document body is heavily obfuscated, the presence of numerous links and a critical heuristic firing for PDF_SEO_LINK_FARM strongly suggests a malicious intent to redirect users. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9778

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.